CVE-2024-47910: n/a
An issue was discovered in SonarSource SonarQube before 9.9.5 LTA and 10.x before 10.5. A SonarQube user with the Administrator role can modify an existing configuration of a GitHub integration to exfiltrate a pre-signed JWT.
AI Analysis
Technical Summary
CVE-2024-47910 affects SonarSource SonarQube before 9.9.5 LTA and 10.x before 10.5. A user who already holds the Administrator role in SonarQube can edit the configuration of an existing GitHub integration in a way that discloses the pre-signed JSON Web Token (JWT) SonarQube uses to authenticate to GitHub on behalf of that integration. Managing the integration is a legitimate administrator task; reading the credential behind it is not, and the defect is that a configuration change lets that credential leave SonarQube (improper access control, CWE-284). Whoever holds the token can act against GitHub with the integration's identity for as long as the token is valid, reaching the repositories the integration was granted and the pull-request and code data in them, so a SonarQube administrator becomes an actor on the GitHub side. SonarQube's GitHub integration is set up as a GitHub App, and GitHub accepts an app JWT for at most ten minutes after issue, so each captured token has a short window; a configuration that keeps leaking, however, yields a fresh token every time SonarQube authenticates. The CVSS 3.1 base score of 7.2 (High) corresponds to the vector AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H: exploitable over the network with low complexity and no user interaction, but only with high privileges; scope is unchanged and the confidentiality, integrity and availability impacts are all rated high. No public exploit had been reported at the time of writing. SonarQube sits in many CI and code-review pipelines and the GitHub integration is commonly enabled for pull-request decoration, so the population of exposed installations is large.
Potential Impact
The direct impact of CVE-2024-47910 is disclosure of the JWT that authenticates the GitHub integration. With it, an attacker can reach whatever that integration can reach: private repositories and their source, pull-request data, and any settings the integration's GitHub permissions cover. Integrity follows from confidentiality here: if the integration holds write permissions, a stolen token can alter repository contents or pull-request status and so influence CI/CD, which is the supply-chain angle. Availability is affected indirectly, for example if the integration is reconfigured into a broken state or its credential has to be revoked in response. The attacker must already be a SonarQube administrator, which narrows the attacker population, but that population includes every compromised or over-provisioned administrator account, and the flaw effectively lets a SonarQube administrator escalate into the organisation's GitHub estate. No exploitation in the wild was known at the time of writing; that lowers urgency, not severity, for installations that have the GitHub integration enabled.
Mitigation Recommendations
Upgrade SonarQube to 9.9.5 LTA, or to 10.5 or later; these releases contain the fix. Until the upgrade is done, reduce the set of accounts holding the Administrator role to those who actually need it and remove stale ones. Enable audit logging of administrative actions where the edition supports it and alert on any change to the GitHub integration (ALM) settings; treat the integration's credential as exposed if such a change cannot be accounted for, and rotate it (for a GitHub App, generate a new private key, delete the old one and update SonarQube). On the GitHub side, review which repositories and permissions the integration holds and trim them to what pull-request decoration needs, so a stolen token buys as little as possible. Restrict outbound connections from the SonarQube host to the GitHub endpoints the integration requires and log everything else: a credential leaving a server-side integration shows up as unexpected egress. Put SonarQube administrator logins behind an identity provider that enforces MFA (SAML or another supported SSO), since SonarQube does not provide MFA itself. Finally, make sure administrators understand that integration settings are security-relevant configuration and that changes to them go through the same review as other privileged operations. After the upgrade, rotate the credential anyway if any unexplained change predates it.
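A small triage script for the affected ranges, added as an example (not SonarSource code): it parses the version string SonarQube reports and says whether it falls before 9.9.5 or in 10.0 through 10.4. The `server_version` helper calls the public web-API endpoint `api/server/version`, which returns the version as plain text and normally answers without authentication; the token handling (a user token as the Basic-auth username with an empty password) is how the SonarQube web API documents token authentication. The version strings in `SAMPLES` are constructed for the demonstration, with made-up build numbers.

```python
"""Is this SonarQube version inside the ranges named for CVE-2024-47910?
Affected: anything before 9.9.5, and 10.x before 10.5.
Added example, not SonarSource code. Sample versions below are constructed."""
import base64
import re
import urllib.request
from typing import List, Tuple

FIXED_LTA = (9, 9, 5)   # 9.9.5 LTA
FIXED_10X = (10, 5, 0)  # 10.5


def parse_version(text: str) -> Tuple[int, int, int]:
    """'10.4.1.88267' or '9.9.4' -> (major, minor, patch). The trailing build
    number is ignored because the advisory ranges are stated without it."""
    m = re.match(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised SonarQube version string: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def is_affected(version: str) -> bool:
    """True when the version is inside an affected range from the advisory."""
    v = parse_version(version)
    if v[0] < 10:
        return v < FIXED_LTA   # 8.x and 9.x up to 9.9.4
    if v[0] == 10:
        return v < FIXED_10X   # 10.0 .. 10.4.x
    return False               # later major versions are outside the stated ranges


def triage(versions: List[str]) -> List[Tuple[str, bool]]:
    """Pair each version string with its affected flag."""
    return [(v, is_affected(v)) for v in versions]


def server_version(base_url: str, token: str = "") -> str:
    """Fetch the running version from <base_url>/api/server/version.
    Network call; not used by the samples. A user token, if needed, goes in
    as the Basic-auth username with an empty password."""
    req = urllib.request.Request(base_url.rstrip("/") + "/api/server/version")
    if token:
        cred = base64.b64encode((token + ":").encode()).decode()
        req.add_header("Authorization", "Basic " + cred)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8").strip()


# Constructed sample version strings (build numbers are invented).
SAMPLES = [
    "8.9.10.12345",   # old LTS line, before 9.9.5 -> affected
    "9.9.4.12345",    # last 9.9 patch before the fix -> affected
    "9.9.5.12345",    # 9.9.5 LTA -> fixed
    "10.4.1.12345",   # 10.x before 10.5 -> affected
    "10.5.0.12345",   # 10.5 -> fixed
    "10.8.1.12345",   # later 10.x -> fixed
    "2025.1.0.12345", # later numbering scheme -> outside the ranges
]

if __name__ == "__main__":
    for version, affected in triage(SAMPLES):
        print(f"{version:16} affected={affected}")
```

Against a live instance, `is_affected(server_version("https://sonar.example.internal"))` (hostname assumed) gives the answer for that server; when it returns True, treat the GitHub integration credential as exposed until the upgrade and the rotation described above are both done.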
Affected Countries
United States, Germany, United Kingdom, France, Canada, Australia, Netherlands, India, Japan, South Korea
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2024-10-04T00:00:00.000Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 699f6d09b7ef31ef0b56d644
Added to database: 2/25/2026, 9:43:37 PM
Last enriched: 2/28/2026, 7:34:46 AM
Last updated: 4/12/2026, 3:47:38 PM