Vulnerabilities > CVE-2020-15772 - Server-Side Request Forgery (SSRF) vulnerability in Gradle Enterprise
Attack vector
NETWORK Attack complexity
LOW Privileges required
HIGH Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. When configuring Gradle Enterprise to integrate with a SAML identity provider, an XML metadata file can be uploaded by an administrator. The server side processing of this file dereferences XML External Entities (XXE), allowing a remote attacker with administrative access to perform server side request forgery.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 7 |