CVE-2024-38460
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-38460
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-38460.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-38460
- Aliases
- Published
- 2024-06-16T15:15:51Z
- Modified
- 2024-10-08T04:16:32.171339Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
In SonarQube before 10.4 and 9.9.4 LTA, encrypted values generated using the Settings Encryption feature are potentially exposed in cleartext as part of the URL parameters in the logs (such as SonarQube Access Logs, Proxy Logs, etc).
- References
Affected packages
Git / github.com/sonarsource/sonarqube
Affected ranges
- Type
- GIT
- Repo
- https://github.com/sonarsource/sonarqube
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
2.*
2.12
2.6
2.7
2.8
2.9
3.*
3.1
3.1.1
3.2
3.4
4.*
4.4
4.4-RC1
4.4-RC2
4.4-RC3
4.5
4.5-RC1
4.5-RC2
4.5-RC3
4.5.1
4.5.1-RC1
5.*
5.0-RC1
5.0-RC2
5.0-RC3
5.0-RC4
5.0.1
5.1
5.1-RC1
5.1-RC2
5.1.1
5.1.2
5.2
5.2-RC1
5.2-RC2
5.2-RC3
5.3
5.3-RC2
5.3-RC3
5.4
5.4-M1
5.4-M10
5.4-M11
5.4-M12
5.4-M13
5.4-M14
5.4-M2
5.4-M3
5.4-M4
5.4-M5
5.4-M6
5.4-M7
5.4-M8
5.4-M9
5.4-RC1
5.4-RC2
5.4-RC3
5.4-RC4
5.5
5.5-M1
5.5-M10
5.5-M11
5.5-M12
5.5-M13
5.5-M14
5.5-M2
5.5-M3
5.5-M4
5.5-M5
5.5-M6
5.5-M7
5.5-RC1
5.5-RC2
5.6
5.6-RC1
5.6-RC2
5.6.1
5.6.2
5.6.3
6.*
6.0
6.0-RC1
6.0-RC2
6.1
6.1-RC1
6.1-RC2
6.1.1
6.2
6.2-RC1
6.2-RC2
6.2-RC3
6.2.1
6.3
6.3-RC1
6.3-RC4
6.3.0.18401
6.3.0.18587
6.3.0.18800
6.3.1
6.3.2
6.4
6.4-RC1
6.4-RC2
6.4-RC3
6.5
6.5-M2
6.5-M3
6.5-M4
6.5-RC1
6.5-RC2
6.6
6.6-RC1
6.7
6.7-RC1
6.7.1
7.*
7.0
7.0-RC1
7.5
7.6
7.7
7.8
8.*
8.0
8.2.0.32929
8.3.0.34182
8.4.0.35506
8.5.0.37579
8.7.0.41497
8.8.0.42792
8.9.0.43852
9.*
9.0.0.45539
9.1.0.47736
9.3.0.51899
9.5.0.56709
9.6.0.59041
9.7.0.61563
9.8.0.63668
9.9.0.65466
9.9.1.69595
9.9.2.77730
9.9.3.79811
Other
latest-silver-master-#65