CVE-2018-19413

Name of the Vulnerable Software and Affected Versions SonarSource SonarQube versions prior to 7.4

Description A vulnerability in the API of SonarSource SonarQube could allow an authenticated user to discover sensitive information, such as valid user-account logins, in the web application. This issue occurs due to improperly configured access controls, causing the API to return the externalIdentity field to non-administrator users. The attacker could use this information in subsequent attacks against the system.

Recommendations For versions prior to 7.4, update to version 7.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the API to minimize the risk of exploitation. Avoid using the externalIdentity field in the affected API endpoint until the issue is resolved.