/
DirectorySecurity AdvisoriesPricing
Sign in
Security Advisories

CGA-8jvr-q59j-vqj2

Published

Last updated

https://images.chainguard.dev/security/CGA-8jvr-q59j-vqj2
Package

sonarqube

RepositoryWolfi
Latest Update
Not affected
Aliases
  • CVE-2025-11226
  • GHSA-25qh-j22f-pwp8

Severity

Unknown

References

  • https://nvd.nist.gov/vuln/detail/CVE-2025-11226
  • https://github.com/advisories/GHSA-25qh-j22f-pwp8

Updates

Status

Not affected

Justification

Vulnerable code cannot be controlled by adversary

Impact

Sonarqube's CVE review and treatment reports that SonarQube is not vulnerable because it requires privilege to modify a configuration parameter that is not exposed by SonarQube. Relevant URL: https://github.com/SonarSource/sonarqube/blob/master/sonar-application/src/main/assembly/security/CVE-review-and-treatment-status-sqcb.csv#L34:~:text=34-,CVE%2D2025%2D11226,-logback%2Dcore%401.5.18

Status

Under investigation

Safe Source for Open Source™
Contact us
© 2025 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard ContainersChainguard LibrariesChainguard VMsIntegrationsPricing

Solutions

FedRAMPPCI DSSGolden ImagesCVE RemediationPublic Sector

Customers

Customer StoriesChainguard Reviews

Resources

Events & WebinarsChainguard CoursesDocumentationTrust Center

Company

About UsBlogPartnersNewsroomCareersLegal