CNNVD-202601-4918 Information

CNNVD ID

CNNVD-202601-4918

CVE-2020-37020

  • CNNVD Published: 2026-01-29

Description (Chinese)

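SonarQube is an open-source code inspection tool from Sonar. SonarQube version 8.3.1 contains a code issue vulnerability that stems from an unquoted service path and may allow a local attacker to gain SYSTEM privileges.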

Description (English)

SonarQube is Sonar's open-source code inspection tool. Version 8.3.1 of SonarQube has a code issue vulnerability caused by an unquoted service path, which may allow local attackers to gain SYSTEM privileges.

Hazard Level

Medium

Vulnerability Type

Code Issue

Affected Vendor

Sonar

Published

2026-01-29

Last Modified

2026-02-24

References

  • https://www.exploit-db.com/exploits/48677
  • https://www.sonarqube.org
  • https://www.vulncheck.com/advisories/sonarqube-unquoted-service-path
