Home / Companies / Sonar / Blog / February 2019

February 2019 Summaries

2 posts from Sonar

Filter
Month: Year:
Post Summaries Back to Blog
The powerful `SonarCloud Scan` Pipe for Bitbucket Pipelines simplifies code quality analysis by providing a pre-configured, high-level task that can be easily integrated into pipelines. This solution eliminates the need to manually download and configure the Sonar Scanner CLI, saving developers time and effort. With the new Pipe, users can trigger a SonarCloud analysis with just a few clicks, without worrying about the internal details of the operation. The partnership between SonarSource and Atlassian further enhances the workflow for continuous code quality, allowing development teams to focus on their code changes and pull requests while CI/CD pipelines handle the rest.
Feb 28, 2019 608 words in the original blog post.
The vulnerability is a Remote Code Execution (RCE) in the WordPress core, which allows an attacker with author privileges to execute arbitrary PHP code on the underlying server. The vulnerability is due to a Path Traversal and Local File Inclusion issue in how WordPress handles Post Meta entries and uploaded images. An attacker can exploit this by updating the _wp_attached_file meta entry to contain malicious code, which will be executed when the image is edited or cropped. The vulnerability was discovered through automated scanning and manual testing, and it has been present in WordPress versions 4.9.9 and later, as well as in earlier versions that do not have a patch applied. The issue is still possible to exploit even with a patch applied, if plugins are installed that incorrectly handle Post Meta entries. The vulnerability was reported to the WordPress security team in October 2018, but it wasn't patched until December 2019, more than 6 months after its discovery.
Feb 19, 2019 2,106 words in the original blog post.