CVE-2018-19413

MEDIUM

SonarSource SonarQube <7.4 - Info Disclosure

Title source: llm

Description

A vulnerability in the API of SonarSource SonarQube before 7.4 could allow an authenticated user to discover sensitive information such as valid user-account logins in the web application. The vulnerability occurs because of improperly configured access controls that cause the API to return the externalIdentity field to non-administrator users. The attacker could use this information in subsequent attacks against the system.

References (2)

Core References
Issue Tracking, Vendor Advisory x_refsource_confirm
https://jira.sonarsource.com/browse/SONAR-11305

Scores

CVSS v3 4.3
EPSS 0.0115
EPSS Percentile 62.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-200
Status published
Products (2)
org.sonarsource.sonarqube/sonar-plugin-api 0 - 7.5 (Maven)
sonarsource/sonarqube < 7.4
Published Dec 14, 2018
Tracked Since Feb 18, 2026