"path traversal" in 9.9.3

aperezra · September 4, 2024, 6:40pm

Version: Sonarqube 9.9.3 Enterprise edition
How is SonarQube deployed: zip

We are installing this version in our on-prem server. Before going production our Cibersecurity area ran som security tests on the SonarQube URL. Unfortunately they found a high vulnerability: The “path traversal” one that it is supposed to be fixed as soon as possible.

References:

I wonder if this is something you are aware of or if it is fixed in any other version. I tried to look for it in your jira but found nothing.

Thanks

Colin · September 4, 2024, 7:53pm

Hi,

I’ve unlisted your topic since you’re reporting a vulnerability. Our responsible disclosure policy asks that you email security@sonarsource.com rather than making public posts. Could you please re-send this to security@sonarsource.com?

Thanks

Topic		Replies	Views
CVE-2022-22970, CVE-2022-22971 Vulnerabilities in SonarQube 8.9 LTS SonarQube Server / Community Build sonarqube , security , spring , cve	1	1456	May 9, 2023
Sonarqube 10.1.0-enterprise vulnerabilities SonarQube Server / Community Build	1	247	September 14, 2023
Is there "official" sonarqube documentation that states version 9.9 is NOT impacted by CVE-2022-4288 SonarQube Server / Community Build	5	909	May 24, 2023
Post Upgrade to LTS, there is a spike in Vulnerabilities Reported SonarQube Server / Community Build upgrade , dotnet , issues	7	803	April 24, 2023
CVE-2022-42889 effect on SonarQube SonarQube Server / Community Build security , cve	27	6842	November 25, 2022

"path traversal" in 9.9.3

Related topics