In SonarQube versions before 10.4 and 9.9.4 LTA (Long-Term Support), a medium-severity vulnerability, CVE-2024-38460, was detected. Encrypted values can be exposed in plaintext within URL parameters, and those parameters are recorded in logs such as SonarQube Access Logs and Proxy Logs, where attackers can exploit them. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-38460.
SonarQube: Potential Exposure of Encrypted Values in URL Parameters
by the Hossted team
26.06.2024