We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Incorrect logic present in the token verification step unintentionally allowed master token access to the API.
The vulnerability has been patch as of v1.18.5.
Cherry-pick commit hash 04dab1d to receive this patch in lieu of a full upgrade.
If you have any questions or comments about this advisory:
paul-gerste-sonarsource Analyst
Impact
Incorrect logic present in the token verification step unintentionally allowed master token access to the API.
Patches
The vulnerability has been patch as of v1.18.5.
Workarounds
Cherry-pick commit hash 04dab1d to receive this patch in lieu of a full upgrade.
For more information
If you have any questions or comments about this advisory: