CVE-2024-47911

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-47911

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-47911.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-47911

Published

2024-10-04T21:15:13.530Z

Modified

2026-04-12T09:58:17.037176Z

Severity

7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In SonarSource SonarQube 10.4 through 10.5 before 10.6, a vulnerability was discovered in the authorizations/group-memberships API endpoint that allows SonarQube users with the administrator role to inject blind SQL commands.

References

https://sonarsource.atlassian.net/browse/SONAR-22340

Affected packages

Git / github.com/sonarsource/sonarqube

Affected ranges

Type

GIT

Repo

https://github.com/sonarsource/sonarqube

Events

Introduced

Fixed

37e0ed33d0d419ec8f366490f64a427e24827886

Database specific

{
    "versions": [
        {
            "introduced": "10.4"
        },
        {
            "fixed": "10.6"
        }
    ]
}

Affected versions

10.*

10.0.0.68432

10.2.0.77647

10.5.0.89998

2.*

2.6

3.*

3.4

5.*

5.2-RC1

5.2-RC2

5.4-M10

5.4-M11

5.4-M12

5.4-M13

5.4-M2

5.4-M3

5.4-M4

5.4-M5

5.4-M6

5.4-M7

5.4-M8

5.4-M9

5.5-M1

5.5-M10

5.5-M11

5.5-M12

5.5-M13

5.5-M14

5.5-M2

5.5-M3

5.5-M4

5.5-M5

5.5-M6

5.5-M7

6.*

6.3-RC1

6.3.0.18401

6.5-M2

7.*

7.5

7.6

7.7

7.8

8.*

8.0

8.2.0.32929

8.3.0.34182

8.4.0.35506

8.5.0.37579

8.7.0.41497

8.8.0.42792

8.9.0.43852

9.*

9.0.0.45539

9.1.0.47736

9.3.0.51899

9.5.0.56709

9.6.0.59041

9.7.0.61563

9.8.0.63668

Other

latest-silver-master-#65

Database specific

vanir_signatures_modified

"2026-04-12T09:58:17Z"

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-47911.json"

vanir_signatures

[
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "70092583582037603767041573138754969000",
                "333482180172319684516265939412939114183",
                "230018480906766453232906995827836420493",
                "60271953481508226336673326057382681836"
            ]
        },
        "target": {
            "file": "server/sonar-db-core/src/test/java/org/sonar/db/dialect/PostgreSqlTest.java"
        },
        "signature_type": "Line",
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2024-47911-7b84e34a",
        "source": "https://github.com/sonarsource/sonarqube/commit/37e0ed33d0d419ec8f366490f64a427e24827886"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "56903594657100345274133594403394646560",
                "44158269269018395291406814886138791256",
                "263458271494045823736805151437707828590",
                "221202134354885032975545630166988128664"
            ]
        },
        "target": {
            "file": "server/sonar-db-core/src/test/java/org/sonar/db/dialect/OracleTest.java"
        },
        "signature_type": "Line",
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2024-47911-e586fd8e",
        "source": "https://github.com/sonarsource/sonarqube/commit/37e0ed33d0d419ec8f366490f64a427e24827886"
    }
]