PT-2026-5293 · Sonarsource · Sonarqube
Velayutham Selvaraj
·
Publicado
2026-01-29
·
Atualizado
2026-01-29
·
CVE-2020-37020
CVSS v3.1
7.8
Alta
| Vetor | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
SonarQube version 8.3.1
Description
SonarQube 8.3.1 contains an unquoted service path issue that allows local attackers to gain SYSTEM privileges. Attackers can replace the
wrapper.exe file in the service path with a malicious executable, which is then executed with highest system privileges when the service restarts.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Sonarqube