CVE-2024-47911 MEDIUM

Vendor N/A
Product n/a
Published October 4, 2024
Last update October 4, 2024

CVSS base score

6.7/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AC:L/AV:N/A:L/C:H/I:H/PR:H/S:U/UI:N

What the vulnerability does

01 Description

In SonarSource SonarQube 10.4 through 10.5 before 10.6, a vulnerability was discovered in the authorizations/group-memberships API endpoint that allows SonarQube users with the administrator role to inject blind SQL commands.

Key dates

02 Disclosure timeline

October 4, 2024 CVE published
October 4, 2024 Record updated