Vulnerabilities > CVE-2020-15768 - Unspecified vulnerability in Gradle Enterprise and Enterprise Cache Node

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

gradle

NVD

Published: 2020-09-18

Updated: 2022-09-30

Summary

An issue was discovered in Gradle Enterprise 2017.3 - 2020.2.4 and Gradle Enterprise Build Cache Node 1.0 - 9.2. Unrestricted HTTP header reflection in Gradle Enterprise allows remote attackers to obtain authentication cookies, if they are able to discover a separate XSS vulnerability. This potentially allows an attacker to impersonate another user. Gradle Enterprise affected application request paths:/info/headers, /cache-info/headers, /admin-info/headers, /distribution-broker-info/headers. Gradle Enterprise Build Cache Node affected application request paths:/cache-node-info/headers.

Vulnerable Configurations

Part	Description	Count
Application	Gradle Gradle Enterprise Cache Node 1.0 Gradle Enterprise Cache Node 4.1 Gradle Enterprise Cache Node 9.2 Gradle Enterprise 2017.3 Gradle Enterprise 2018.2 Gradle Enterprise 2018.5 Gradle Enterprise 2018.5.1 Gradle Enterprise 2018.5.2 Gradle Enterprise 2018.5.3 Gradle Enterprise 2020.1 Gradle Enterprise 2020.2 Gradle Enterprise 2020.2.4	12

Summary

Vulnerable Configurations

References