SonarQube uses jquery.2.2.4.min.js -- known CVE Issues - Update >= v3.5.0

kirkpabk · July 1, 2020, 11:51am

Vulnerability scanners report our servers having a vulnerability due to the jquery.2.2.4 embedded version. We must mitigate this and update to at least version 3.5.0.

Sample path:
https://sonarqube/static/js/jquery.2.2.4.min.js

Please provide a patch or instructions on how we might temporarily replace/update locally, if possible. If unable to provide this, please provide an anticipated roadmap/timeline for remediation.

Wouter_Admiraal · July 7, 2020, 8:42am

Hi @kirkpabk.

We do not use jQuery in SonarQube. You may have installed a third-party plugin that does so. Please contact them directly.

system · July 14, 2020, 8:42am

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
SonarQube 8.2+ - Nessus Vulnerability Remediation Request - JQuery 1.2< 3.5.0 Multiple XSS SonarQube Server / Community Build security	2	1274	February 1, 2021
CVE-2021-23337 in Sonarqube 8.7 SonarQube Server / Community Build sonarqube	7	1020	March 25, 2021
SonarQube and CVE-2021-44228 SonarQube Server / Community Build sonarqube , security	3	4642	December 10, 2021
Sonarqube 7.2.1 version- security question SonarQube Server / Community Build sonarqube	4	587	July 10, 2018
Is sonarqube 7.9.5 vulnerable to (CVE-2021-44228) log4j vulnerabilities SonarQube Server / Community Build sonarqube	20	4494	December 29, 2021

SonarQube uses jquery.2.2.4.min.js -- known CVE Issues - Update >= v3.5.0

Related topics