cvedb.io
CVE-2018-19413
MEDIUM · CVSS 4.3
EPSS exploitation probability: 0%
Published 2018-12-14T15:29:00.780 · Last modified 2026-06-17T01:49:15.933

Summary

A vulnerability in the API of SonarSource SonarQube before 7.4 could allow an authenticated user to discover sensitive information such as valid user-account logins in the web application. The vulnerability occurs because of improperly configured access controls that cause the API to return the externalIdentity field to non-administrator users. The attacker could use this information in subsequent attacks against the system.

Affected products

sonarsource — sonarqube

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.