ruckc
(Curtis Ruck)
May 4, 2021, 5:15pm
1
I found a security vulnerability in the latest version of SonarQube. What is the process for reporting it, so it can be fixed prior to public disclosure?
ganncamp
(G Ann Campbell)
May 4, 2021, 5:42pm
2
Hi,
Welcome to the community & thanks for asking!
I think this is what you’re looking for:
Follow this guide if you’ve found a vulnerability in one of Sonar’s products or websites and you want to responsibly report it.
Sonar customers with a support contract can report the vulnerability directly through the support channel.
Otherwise, send an email to security@sonarsource.com.
What we need from you:
Detail the steps you followed that make the vulnerability exploitable including any URLs or code you used. The more information you provide, the faster we can reproduce and fix the pr…
Ann