Vulnerabilities > CVE-2020-15775 - Insecure Storage of Sensitive Information vulnerability in Gradle Enterprise

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

gradle

CWE-922

NVD

Published: 2020-09-18

Updated: 2022-09-30

Summary

An issue was discovered in Gradle Enterprise 2017.1 - 2020.2.4. The /usage page of Gradle Enterprise conveys high level build information such as project names and build counts over time. This page is incorrectly viewable anonymously.

Vulnerable Configurations

Part	Description	Count
Application	Gradle Gradle Enterprise 2017.1 Gradle Enterprise 2017.3 Gradle Enterprise 2018.2 Gradle Enterprise 2018.5 Gradle Enterprise 2018.5.1 Gradle Enterprise 2018.5.2 Gradle Enterprise 2018.5.3 Gradle Enterprise 2020.1 Gradle Enterprise 2020.2 Gradle Enterprise 2020.2.4	10

Common Weakness Enumeration (CWE)

CWE-922 - Insecure Storage of Sensitive Information

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References