Hey, guys, I believe there is a remote code execution vulnerability on your website: https://docs.sonarqube.org/pages/ and your bug reporting process is broken. I couldn’t find any contacts and had to register here only to find that new users aren’t allowed to create new threads either.
I don’t feel comfortable sharing that sort of information publicly, but I guess doing it on this forum is better than over Twitter.
Anyway, here it goes. Your website https://docs.sonarqube.org/pages/ uses an outdated Confluence version (6.4.3) that is vulnerable to remote code execution. This flaw has been known since March and it is trivially exploited. Furthermore, there is a public exploit in the form of a Metasploit module: https://github.com/rapid7/metasploit-framework/pull/11717. I have information about these bugs being exploited in the wild, and automated scanning has been happening for a few days now.
Please update your Confluence, check logs for indicators of compromise, and establish clear guidelines for reporting security incidents so that the next researcher does not have to drop zero days in your software on fucking Twitter.