SonarQube 8.2+ - Nessus Vulnerability Remediation Request - JQuery 1.2 < 3.5.0 Multiple XSS

Nessus finds JQuery 1.2 < 3.5.0 Multiple XSS in …/static/js/jquery.2.2.4.min.js for version 8.4 and suggests an upgrade of JQuery to version 3.5.0 or later. Any ideas when this might be introduced in the upcoming roadmaps?

Before replying that this is not used in SonarQube, please check here: https://<sonarqube_host>/static/js/jquery.2.2.4.min.js

Thanks for all you do folks!

Hi @kirkpabk,

As already discussed here, we do not ship jQuery. You can check the path in our production instance here: https://next.sonarqube.com/sonarqube/static/js/jquery.2.2.4.min.js (will result in a 404).

As already mentioned in the other thread by my colleague @Wouter_Admiraal, you may have installed a 3rd party plugin that ships jQuery.
