CVE-2020-37020

Name of the Vulnerable Software and Affected Versions SonarQube version 8.3.1

Description SonarQube 8.3.1 contains an unquoted service path issue that allows local attackers to gain SYSTEM privileges. Attackers can replace the wrapper.exe file in the service path with a malicious executable, which is then executed with highest system privileges when the service restarts.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.