Sonarsource · Sonarqube · CVE-2020-37020
**Name of the Vulnerable Software and Affected Versions**
SonarQube version 8.3.1
**Description**
SonarQube 8.3.1 contains an unquoted service path issue that allows local attackers to gain SYSTEM privileges. Attackers can replace the `wrapper.exe` file in the service path with a malicious executable, which is then executed with highest system privileges when the service restarts.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.