CVE-2024-38460 – In SonarQube before 10.4 and 9.9.4 LTA, encrypted

CVE ID : CVE-2024-38460

Published : June 16, 2024, 3:15 p.m. | 1 hour, 5 minutes ago

Description : In SonarQube before 10.4 and 9.9.4 LTA, encrypted values generated using the Settings Encryption feature are potentially exposed in cleartext as part of the URL parameters in the logs (such as SonarQube Access Logs, Proxy Logs, etc).

Severity: 4.9 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…CVE ID : CVE-2024-38460

Published : June 16, 2024, 3:15 p.m. | 1 hour, 5 minutes ago

Description : In SonarQube before 10.4 and 9.9.4 LTA, encrypted values generated using the Settings Encryption feature are potentially exposed in cleartext as part of the URL parameters in the logs (such as SonarQube Access Logs, Proxy Logs, etc).

Severity: 4.9 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…