org.sonarsource.sonarqube%3Asonar-plugin-api@7.4-alpha2 vulnerabilities
-
latest version
9.4.0.54424
-
latest non vulnerable version
-
first published
9 years ago
-
latest version published
2 years ago
-
licenses detected
- [5.2-RC2,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.sonarsource.sonarqube%3Asonar-plugin-api package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.| Vulnerability | Vulnerable Version |
|---|---|
org.sonarsource.sonarqube:sonar-plugin-api provides the capability to not only show health of an application but also to highlight issues newly introduced. Affected versions of this package are vulnerable to Information Exposure. An authenticated user could discover sensitive information such as valid user-account logins in the web application. The vulnerability occurs because of improperly configured access controls that cause the API to return the externalIdentity field to non-administrator users. The attacker could use this information in subsequent attacks against the system. How to fix Information Exposure? Upgrade org.sonarsource.sonarqube:sonar-plugin-api to version 7.4 or higher. |
[,7.4)
|