CVE-2025-62292

Medium CVSS: 4.3

In SonarQube before 25.6, 2025.3 Commercial, and 2025.1.3 LTA, authenticated low-privileged users can query the /api/v2/users-management/users endpoint and obtain user fields intended for administrators only, including the email addresses of other accounts.

Vendor

Product

CWE

CWE-669

Yayın Tarihi

2025-10-10 07:15:43

Güncelleme

2025-10-14 19:37:28

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-669 MEDIUM 2025

Referanslar

https://sonarsource.atlassian.net/browse/SONAR-24830