CVE-2024-47910

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Oct 4, 2024
Updated: Oct 7, 2024
CWE ID 284

Summary

CVE-2024-47910 is a vulnerability affecting SonarSource SonarQube versions prior to 9.9.5 LTA and 10.x before 10.5, which allows an Administrator user to modify GitHub integration settings and exfiltrate a pre-signed JWT. The vulnerability has a high severity rating with a CVSS base score of 7.2, indicating significant potential impacts on confidentiality, integrity, and availability. Exploitation requires high privileges and can be performed remotely without user interaction, posing serious risks to organizations utilizing the affected products. To remediate this issue, users should upgrade to the latest versions of SonarQube where the vulnerability has been addressed. Further details can be found in the relevant SonarSource documentation and community forums.
