AI description
CVE-2024-47910 refers to a vulnerability in SonarSource SonarQube before versions 9.9.5 LTA and 10.x before 10.5. It allows a SonarQube user with the Administrator role to modify an existing configuration of a GitHub integration to exfiltrate a pre-signed JWT. The vulnerability is related to improper access control in the GitHub integration configuration. If exploited, this vulnerability could lead to the exposure of sensitive authentication tokens, potentially allowing unauthorized access to integrated GitHub resources. The vulnerability has been fixed in SonarQube versions 9.9.5 LTA and 10.5, which were released on June 25, 2024. The fix involves forcing administrators to provide a Private Key for verification when modifying the GitHub API URL. Users are advised to upgrade to these versions or later.
- Description: When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections.
- Source: security@golang.org
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Secondary
- Base score: 5.4
- Impact score: 2.5
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
- Severity: MEDIUM
- Hype score: Not currently trending
#Fedora 42 security alert: golang-github-projectdiscovery-mapcidr update patches 9 CVEs (CVE-2025-58058, CVE-2025-47910, etc.). Memory leaks, HTTP bypasses, and DoS flaws fixed. Critical for pentesters & cloud sec. Read more: https://t.co/3mQ6HI7xa0 #Security https
@Cezar_H_Linux
31 Dec 2025
15 Impressions
1 Retweet
1 Like
1 Bookmark
0 Replies
0 Quotes
Just published a technical breakdown of the #Fedora 42 kustomize vulnerability (CVE-2025-47910). This goes past the headline. Read more: https://t.co/d0rDQ4dcJx #Security https://t.co/i29ZQeauww
@Cezar_H_Linux
31 Dec 2025
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Fedora 43 and Ubuntu 22 issue critical gdu update fixing CVE-2025-58189 (ALPN negotiation flaw) and CVE-2025-47910 (Cross-Origin Protection bypass). Users should upgrade to 5.32.0. #Vulnerability https://t.co/J9pqaxe0HP
@threatcluster
28 Dec 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical #CVE-2025-47910 patched in #Fedora 42's containernetworking-plugins. A Cross-Origin Protection bypass in net/http threatens container isolation. Read more: https://t.co/c2uG7l3TRV #Security https://t.co/ioEIQynR8L
@Cezar_H_Linux
5 Oct 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-47910 When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips valid… https://t.co/sgBD1zXItV
@CVEnew
22 Sept 2025
65 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Go 1.25.1 and 1.24.7 are released! Security: Includes a security fix for net/http (CVE-2025-47910). Announcement: https://t.co/PrrSaiIwW3 Download: https://t.co/vSrCuSS6DE #golang https://t.co/YIMM4XL0ta
@golang
3 Sept 2025
23904 Impressions
126 Retweets
545 Likes
28 Bookmarks
3 Replies
9 Quotes