menu arrow_back 湛蓝安全空间 |狂野湛蓝,暴躁每天 chevron_right All_wiki chevron_right --Vulnerability-main chevron_right CVE-2020-27986 SonarQube api 未授权访问.md
  • home 首页
  • brightness_4 暗黑模式
    • cloud
    xLIYhHS7e34ez7Ma
    cloud
    湛蓝安全
    code
    Github
    CVE-2020-27986 SonarQube api 未授权访问.md
    380 B / 2021-05-21 09:14:38
        # CVE-2020-27986 SonarQube api 未授权访问


SonarQube配置不当造成未授权访问,可以通过api/settings/values获取明文SMTP、SVN和Gitlab等敏感信息

PoC:

http://[server]/api/settings/values

![](media/16097308794889/16097308985770.jpg)


ref:

https://csl.com.co/sonarqube-auditando-al-auditor-parte-i/

https://forum.ywhack.com/thread-114647-1-6.html
    links
    file_download