{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2020-37020", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-01-28T18:18:30.522Z", "datePublished": "2026-01-29T14:28:33.970Z", "dateUpdated": "2026-03-05T01:27:29.880Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-05T01:27:29.880Z" }, "datePublic": "2020-06-03T00:00:00.000Z", "title": "SonarQube 8.3.1 - Unquoted Service Path", "descriptions": [ { "lang": "en", "value": "SonarQube 8.3.1 contains an unquoted service path vulnerability that allows local attackers to gain SYSTEM privileges by exploiting the service executable path. Attackers can replace the wrapper.exe in the service path with a malicious executable to execute code with highest system privileges during service restart." } ], "problemTypes": [ { "descriptions": [ { "lang": "en", "description": "Unquoted Search Path or Element", "cweId": "CWE-428", "type": "CWE" } ] } ], "affected": [ { "vendor": "Sonarqube", "product": "SonarQube", "versions": [ { "version": "8.3.1", "status": "affected" } ] } ], "cpeApplicability": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:sonarsource:sonarqube:8.3.1:*:*:*:*:*:*:*" } ] } ] } ], "metrics": [ { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 8.5, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS" }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS" } ], "references": [ { "url": "https://www.exploit-db.com/exploits/48677", "name": "ExploitDB-48677", "tags": [ "exploit" ] }, { "url": "https://www.sonarqube.org", "name": "SonarQube Official Homepage", "tags": [ "product" ] }, { "name": "VulnCheck Advisory: SonarQube 8.3.1 - Unquoted Service Path", "tags": [ "third-party-advisory" ], "url": "https://www.vulncheck.com/advisories/sonarqube-unquoted-service-path" } ], "credits": [ { "lang": "en", "value": "Velayutham Selvaraj", "type": "finder" } ], "x_generator": { "engine": "vulncheck" } }, "adp": [ { "metrics": [ { "other": { "type": "ssvc", "content": { "timestamp": "2026-01-29T14:59:34.451686Z", "id": "CVE-2020-37020", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "version": "2.0.3" } } } ], "title": "CISA ADP Vulnrichment", "providerMetadata": { "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-29T14:59:49.572Z" } } ] } }