CVE-2024-47910

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Oct 4, 2024

Updated: Oct 7, 2024

CWE ID 284

Summary

CVE-2024-47910 is a vulnerability affecting SonarSource SonarQube versions before 9.9.5 LTS and 10.x before 10.5. This issue grants a SonarQube administrator the ability to manipulate an existing GitHub integration configuration, leading to potential exfiltration of a pre-signed JSON Web Token (JWT). The impact of this vulnerability is significant, as it could allow unauthorized access to sensitive information in GitHub repositories. SonarSource strongly advises upgrading to the latest versions to mitigate this risk. Users with affected versions should take immediate action to secure their integrations and limit administrative privileges.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

SonarQube

Affected Vendors

SonarSource S.A.

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners