org.sonarsource.sonarqube:sonar-plugin-api@7.4-alpha2 vulnerabilities
latest version
9.4.0.54424
latest non vulnerable version
first published
9 years ago
latest version published
2 years ago
licenses detected
- [5.2-RC2,)
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.sonarsource.sonarqube:sonar-plugin-api package. This does not include vulnerabilities belonging to this package’s dependencies.
How to fix?
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free| Vulnerability | Vulnerable Version |
|---|---|
org.sonarsource.sonarqube:sonar-plugin-api provides the capability to not only show health of an application but also to highlight issues newly introduced. Affected versions of this package are vulnerable to Information Exposure. An authenticated user could discover sensitive information such as valid user-account logins in the web application. The vulnerability occurs because of improperly configured access controls that cause the API to return the externalIdentity field to non-administrator users. The attacker could use this information in subsequent attacks against the system. How to fix Information Exposure? Upgrade org.sonarsource.sonarqube:sonar-plugin-api to version 7.4 or higher. | [,7.4) |