Must-share information (formatted with Markdown):
- which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension) : Sonarqube 8.9 LTS
- what are you trying to achieve : We have already used forced-authentication option for our sonarqube and we Want to Block below mentioned API for our sonarqube
http://our_sonarqube.com/api/system/*
http://our_sonarqube.com/api/l10n/index - what have you tried so far to achieve this : We want to block system API End points which are vulnerable since they are accessible outside organization without any authentication. We used Force user authentication option but still end points are accessible without any authentication which is exposing sensitive information like System ID and What version we are using.