Sonarqube Search_projects Project Information Leakage Vulnerability
Sonarqube Search_projects Project Information Leakage Vulnerability
SonarQube search_projects Project information leakage vulnerability
Vulnerability Description
There is a vulnerability in a certain interface of SonarQube. You can download the source code through the tool.
Vulnerability Impact
SonarQube
Network surveying and mapping
Vulnerability reappears
The homepage is as follows
Vulnerable POC
https://xxx.xxx.xxx.xxx/api/components/search_projects
The source code in the project can be downloaded through the tool
https://github.com/deletescape/sloot
This post is licensed under CC BY 4.0 by the author.