{"id":"CVE-2024-47911","details":"In SonarSource SonarQube 10.4 through 10.5 before 10.6, a vulnerability was discovered in the authorizations/group-memberships API endpoint that allows SonarQube users with the administrator role to inject blind SQL commands.","modified":"2026-04-12T09:58:17.037176Z","published":"2024-10-04T21:15:13.530Z","references":[{"type":"REPORT","url":"https://sonarsource.atlassian.net/browse/SONAR-22340"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/sonarsource/sonarqube","events":[{"introduced":"0"},{"fixed":"37e0ed33d0d419ec8f366490f64a427e24827886"}],"database_specific":{"versions":[{"introduced":"10.4"},{"fixed":"10.6"}]}}],"versions":["10.0.0.68432","10.2.0.77647","10.5.0.89998","2.6","3.4","5.2-RC1","5.2-RC2","5.4-M10","5.4-M11","5.4-M12","5.4-M13","5.4-M2","5.4-M3","5.4-M4","5.4-M5","5.4-M6","5.4-M7","5.4-M8","5.4-M9","5.5-M1","5.5-M10","5.5-M11","5.5-M12","5.5-M13","5.5-M14","5.5-M2","5.5-M3","5.5-M4","5.5-M5","5.5-M6","5.5-M7","6.3-RC1","6.3.0.18401","6.5-M2","7.5","7.6","7.7","7.8","8.0","8.2.0.32929","8.3.0.34182","8.4.0.35506","8.5.0.37579","8.7.0.41497","8.8.0.42792","8.9.0.43852","9.0.0.45539","9.1.0.47736","9.3.0.51899","9.5.0.56709","9.6.0.59041","9.7.0.61563","9.8.0.63668","latest-silver-master-#65"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-47911.json","vanir_signatures":[{"source":"https://github.com/sonarsource/sonarqube/commit/37e0ed33d0d419ec8f366490f64a427e24827886","id":"CVE-2024-47911-7b84e34a","target":{"file":"server/sonar-db-core/src/test/java/org/sonar/db/dialect/PostgreSqlTest.java"},"deprecated":false,"signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["70092583582037603767041573138754969000","333482180172319684516265939412939114183","230018480906766453232906995827836420493","60271953481508226336673326057382681836"]}},{"source":"https://github.com/sonarsource/sonarqube/commit/37e0ed33d0d419ec8f366490f64a427e24827886","id":"CVE-2024-47911-e586fd8e","target":{"file":"server/sonar-db-core/src/test/java/org/sonar/db/dialect/OracleTest.java"},"deprecated":false,"signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["56903594657100345274133594403394646560","44158269269018395291406814886138791256","263458271494045823736805151437707828590","221202134354885032975545630166988128664"]}}],"vanir_signatures_modified":"2026-04-12T09:58:17Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}]}