Cleartext Credential Exposure in SonarQube 8.4.2.36762 via api/settings/values URI

Cleartext Credential Exposure in SonarQube 8.4.2.36762 via api/settings/values URI

CVE-2020-27986 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. NOTE: reportedly, the vendor's position for SMTP and SVN is "it is the administrator's responsibility to configure it.

Learn more about our Api Penetration Testing.