CNNVD-202510-1478 Information
Oct 10, 2025
CNNVD ID
CNNVD-202510-1478
Related CVE
- CNNVD Published: 2025-10-10
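Description (translated from Chinese)
SonarQube is an open-source code inspection tool from Sonar. SonarQube versions before 25.6, 2025.3 Commercial, and 2025.1.3 LTA contain a security vulnerability that stems from low-privileged users being able to query the /api/v2/users-management/users endpoint, which may lead to disclosure of admin-only fields and the email addresses of other accounts.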
Description (English)
SonarQube is an open-source code inspection tool from Sonar. Versions prior to SonarQube 25.6, 2025.3 Commercial, and 2025.1.3 LTA have a security vulnerability: the /api/v2/users-management/users endpoint can be queried by low-privileged users, which may expose admin-only fields and the email addresses of other accounts.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Sonar
Published
2025-10-10
Last Modified
2026-02-24
References
https://sonarsource.atlassian.net/browse/SONAR-24830
Patch
https://www.sonarsource.com/products/sonarqube/downloads/