Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 6.7.6, 7.5
    • Component/s: None
    • Labels:
      None
    • Edition:
      Community
    • Production Notes:
      None

      Description

      The vulnerability is present at login.
      Redirects can be used to point to an external website or to execute malicious code.

      The vulnerability is fixed in SonarQube 6.7.6 LTS and in the latest version, 7.5.
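
The description names two outcomes of an unvalidated post-login redirect: navigation to an external site and script execution. The following check covers both; it is an added example, not SonarQube's code or its fix, and `APP_ORIGIN`, `safeReturnTo` and the sample paths are assumptions made for illustration.

```javascript
// Added illustration, not SonarQube code. The origin is a constructed placeholder.
const APP_ORIGIN = 'https://sonar.example.test';

// Returns a same-origin path that is safe to navigate to after login,
// or `fallback` when the candidate could leave the application.
function safeReturnTo(candidate, fallback = '/') {
  if (typeof candidate !== 'string' || candidate.length === 0) return fallback;

  // Browsers strip tabs/newlines and treat "\" like "/" in http(s) URLs,
  // so reject them outright instead of trying to normalise.
  if (/[\u0000-\u001f\u007f\\]/.test(candidate)) return fallback;

  // Only rooted paths are accepted. This excludes absolute URLs and
  // schemes such as "javascript:"; "//host" is protocol-relative.
  if (!candidate.startsWith('/') || candidate.startsWith('//')) return fallback;

  let resolved;
  try {
    resolved = new URL(candidate, APP_ORIGIN);
  } catch {
    return fallback;
  }
  if (resolved.origin !== APP_ORIGIN) return fallback;

  // Dot-segment removal can turn "/.//host" into "//host", which a
  // browser would again read as protocol-relative: re-check the result.
  const path = resolved.pathname + resolved.search + resolved.hash;
  if (path.startsWith('//')) return fallback;
  return path;
}
```

The re-check after parsing matters because the string that is finally handed to the browser is the normalised one, not the one that was inspected first.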

        Activity

        julien.lancelot Julien Lancelot added a comment - edited

        Christophe Levis You can validate in the following PRs:

        • https://github.com/SonarSource/sonar-enterprise/pull/946 : https://repox.sonarsource.com/sonarsource/org/sonarsource/sonarqube/sonar-application/7.5.0.19374/sonar-application-7.5.0.19374.zip
        • https://github.com/SonarSource/sonarqube/pull/3186 : https://repox.sonarsource.com/sonarsource/org/sonarsource/sonarqube/sonar-application/6.7.6.38750/sonar-application-6.7.6.38750.zip

        christophe.levis Christophe Levis added a comment -

        Checked on 6.7.6

          People

          • Assignee:
            julien.lancelot Julien Lancelot
            Reporter:
            christophe.levis Christophe Levis
          • Votes:
            0
            Watchers:
            4

            Dates

            • Due:
              Created:
              Updated:
              Resolved: