SonarSource · SonarQube · CVE-2024-47910
**Name of the Vulnerable Software and Affected Versions**
SonarSource SonarQube versions prior to 9.9.5 LTA
SonarSource SonarQube versions prior to 10.5
**Description**
An issue was discovered in SonarSource SonarQube where a user with the Administrator role can modify an existing configuration of a GitHub integration to exfiltrate a pre-signed JWT.
**Recommendations**
For versions prior to 9.9.5 LTA, update to version 9.9.5 LTA or later.
For versions prior to 10.5, update to version 10.5 or later.
As a temporary workaround, consider restricting the modification of GitHub integration configurations to minimize the risk of exploitation.