What is CVE-2020-27986?

CVE-2020-27986 is a vulnerability in N/a. Published 2020-10-28.

Is CVE-2020-27986 known to be exploited?

31 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2020-27986

SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. NOTE: reportedly, the vendor's position for SMTP and SVN is "it is the administrator's responsibility to…

EPSS: 0.926 (99.8th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

0day404/vulnerability-poc
189569400/Meppo
20142995/Goby
20142995/nuclei-templates
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates
ArrestX/--POC
EdgeSecurityTeam/Vulnerability
Elsfa7-110/kenzer-templates
H4ckTh3W0r1d/Goby_

References

csl.com.co/sonarqube-auditando-al-auditor-parte-i/ (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-27986?: CVE-2020-27986 is a vulnerability in N/a. Published 2020-10-28.
Is CVE-2020-27986 known to be exploited?: 31 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.