1. Background
Recently, many foreign media outlets reported a large-scale source code leak that involved the SonarQube code audit platforms of many institutions and enterprises in China. The community can go and see for themselves.
2. Understand SonarQube
SonarQube is an open source code quality management and analysis platform that supports more than 20 programming languages, including Java, C#, C/C++, PL/SQL, Cobol, JavaScript and Groovy. It detects program errors, coding-standard violations, security vulnerabilities and other issues, and presents the results through the SonarQube web interface.
The affected SonarQube version is <8.6
3. Brief description of the vulnerability
This vulnerability is unauthorized access caused by improper configuration. An attacker can use it to reach the api/settings/values interface without authentication and obtain SMTP, SVN and GitLab credentials, then use those to obtain other sensitive code and data, causing serious harm.
4. Build a lab environment
Here I use the Docker image; first pull the sonarqube 8.3.1-developer version
docker pull sonarqube:8.3.1-developer
Create a container from the image just pulled, run SonarQube and map the ports
docker run -d -p 9000:9000 -p 9092:9092 sonarqube:8.3.1-developer
View running containers
docker ps
5. Vulnerability reproduction
It can be accessed directly in the browser.
When we visit http://192.168.3.138:9000/api/settings/values in the browser, we can directly obtain sensitive information.
There is another interface information leak in this system: when we visit http://192.168.3.138:9000/api/webservices/list in the browser, we can see further information leaked.
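As an added example (not the author's script and not SonarQube's own code), the following Python check lets an administrator verify whether their own instance answers api/settings/values to an anonymous client, and reports which returned keys look like credentials without copying the secret values into the report. The JSON sample, the key names in it and the response shape are constructed assumptions for the offline run; the only SonarQube conventions it relies on are the ".secured" suffix on secret settings and the sonar.forceAuthentication setting.

```python
"""Audit check for the SonarQube unauthenticated settings exposure.

classify_settings() is a pure function over the JSON body the endpoint
returns and runs offline on a constructed sample; check_instance() is the
optional live check for an instance you administer.
"""
import json
import re
from urllib import error, request

# Heuristic for credential-like keys: SonarQube suffixes secret settings with
# ".secured"; the other words are an added defensive heuristic (assumption).
SENSITIVE_PATTERN = re.compile(
    r"(\.secured$|password|passwd|secret|token|privatekey)", re.IGNORECASE
)

# Constructed sample body shaped like {"settings": [{"key", "value"}, ...]}.
# The key names and values are illustrative placeholders, not real data.
SAMPLE_BODY = json.dumps({
    "settings": [
        {"key": "sonar.core.serverBaseURL", "value": "http://sonar.example.internal:9000"},
        {"key": "email.smtp_host.secured", "value": "smtp.example.internal"},
        {"key": "email.smtp_password.secured", "value": "PLACEHOLDER-NOT-A-REAL-SECRET"},
        {"key": "sonar.forceAuthentication", "value": "false"},
    ]
})


def classify_settings(body: str) -> dict:
    """Parse an api/settings/values body and list credential-like keys.

    Returns {"sensitive": [sorted keys], "force_auth": True/False/None}.
    Values are intentionally not returned, so the report can go into a
    ticket or log without carrying the secrets along.
    """
    data = json.loads(body)
    sensitive = []
    force_auth = None
    for entry in data.get("settings", []):
        key = entry.get("key", "")
        if key == "sonar.forceAuthentication":
            # "Force user authentication" off is what leaves the API anonymous.
            force_auth = str(entry.get("value", "")).lower() == "true"
        if SENSITIVE_PATTERN.search(key):
            sensitive.append(key)
    return {"sensitive": sorted(sensitive), "force_auth": force_auth}


def check_instance(base_url: str, timeout: float = 5.0) -> dict:
    """Live check: request the endpoint with no session cookie or token and
    report what an anonymous client sees. Not run by the offline demo.
    """
    url = base_url.rstrip("/") + "/api/settings/values"
    try:
        with request.urlopen(url, timeout=timeout) as resp:
            body = resp.read().decode("utf-8")
    except error.HTTPError as exc:
        # 401/403 means anonymous access is denied, which is the desired state.
        return {"exposed": False, "status": exc.code}
    report = classify_settings(body)
    report["exposed"] = True
    return report


if __name__ == "__main__":
    # Offline demonstration on the constructed sample.
    print(classify_settings(SAMPLE_BODY))
```

A report with exposed set to True, or with force_auth False, means the instance should have "Force user authentication" enabled (sonar.forceAuthentication) and, per the page, be upgraded past the affected versions; any key listed under sensitive should be treated as already disclosed and rotated.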
The next article is a detection script for CVE-2020-27986 (SonarQube sensitive information leakage) that I wrote in Python. If you are interested, you can take a look at it on CSDN.