Enterprise EditionVersion 9.4 and CVE-2022-41852, CVE-2022-42889

Karthik_Ramachandran · November 3, 2022, 8:44pm

We are using EE 9.4. Are we affected by CVE-2022-41852, CVE-2022-42889 vulnerabilties?

jeremy.cotineau · November 4, 2022, 3:04pm

Hello @Karthik_Ramachandran, thanks a lot for taking the time to participate to the community.

As you may not know, we are only supporting Latest SonarQube version ( 9.7.1 ) and LTS ( 8.9.10 ).

I would highly suggest you to upgrade to the latest version or use the LTS. As we are fixing vulnerabilities only on those supported versions.

Jeremy Cotineau

system · December 16, 2022, 11:50am

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Is there "official" sonarqube documentation that states version 9.9 is NOT impacted by CVE-2022-4288 SonarQube Server / Community Build	5	885	May 24, 2023
Is CVE-2022-42889, AKA Text4Shell vulnerability impacting SonarQube SonarQube Server / Community Build security , cve	1	1481	October 21, 2022
CVE-2022-22970, CVE-2022-22971 Vulnerabilities in SonarQube 8.9 LTS SonarQube Server / Community Build sonarqube , security , spring , cve	1	1428	May 9, 2023
CVE-2022-42889 effect on SonarQube SonarQube Server / Community Build security , cve	27	6746	November 25, 2022
Sonarqube vulnurability CVE-2020 SonarQube Server / Community Build	3	465	August 25, 2021