Page 3 of 26 results (0.005 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Gradle Enterprise 2018.2 - 2020.2.4. The CSRF prevention token is stored in a request cookie that is not annotated as HttpOnly. An attacker with the ability to execute arbitrary code in a user's browser could impose an arbitrary value for this token, allowing them to perform cross-site request forgery. Se detecto un problema en el Gradle Enterprise versiones 2018.2 - 2020.2.4. El token de prevención del CSRF se almacena en una cookie de petición que no está anotada como HttpOnly. • https://cwe.mitre.org/data/definitions/1004.html https://github.com/gradle/gradle/security/advisories https://security.gradle.com/advisory/CVE-2020-15776 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

An issue was discovered in Gradle Enterprise 2017.3 - 2020.2.4 and Gradle Enterprise Build Cache Node 1.0 - 9.2. Unrestricted HTTP header reflection in Gradle Enterprise allows remote attackers to obtain authentication cookies, if they are able to discover a separate XSS vulnerability. This potentially allows an attacker to impersonate another user. Gradle Enterprise affected application request paths:/info/headers, /cache-info/headers, /admin-info/headers, /distribution-broker-info/headers. Gradle Enterprise Build Cache Node affected application request paths:/cache-node-info/headers. • https://github.com/gradle/gradle/security/advisories https://security.gradle.com/advisory/CVE-2020-15768 •

CVSS: 5.3EPSS: 3%CPEs: 2EXPL: 2

Optergy Proton/Enterprise devices allow Username Disclosure. Los dispositivos Optergy Proton/Enterprise permiten la divulgación del nombre de usuario. • https://www.exploit-db.com/exploits/47640 http://packetstormsecurity.com/files/155259/Optergy-BMS-2.0.3a-Account-Reset-Username-Disclosure.html http://www.securityfocus.com/bid/108686 https://applied-risk.com/labs/advisories https://www.applied-risk.com/resources/ar-2019-008 • CWE-862: Missing Authorization •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1

Optergy Proton/Enterprise devices allow Cross-Site Request Forgery (CSRF). Los dispositivos Optergy Proton/Enterprise permiten Cross-Site Request Forgery (CSRF). Optergy Proton/Enterprise BMS versions 2.0.3a and below suffer from an add administrator cross site request forgery vulnerability. • https://www.exploit-db.com/exploits/47639 http://packetstormsecurity.com/files/155265/Optergy-Proton-Enterprise-BMS-2.0.3a-Cross-Site-Request-Forgery.html http://www.securityfocus.com/bid/108686 https://applied-risk.com/labs/advisories https://www.applied-risk.com/resources/ar-2019-008 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 10.0EPSS: 3%CPEs: 2EXPL: 2

Optergy Proton/Enterprise devices allow Authenticated File Upload with Code Execution as root. Los dispositivos Optergy Proton / Enterprise permiten la carga de archivos autenticados con la ejecución de código como root. • https://www.exploit-db.com/exploits/47636 http://packetstormsecurity.com/files/155269/Optergy-2.3.0a-Remote-Root.html http://www.securityfocus.com/bid/108686 https://applied-risk.com/labs/advisories https://www.applied-risk.com/resources/ar-2019-008 • CWE-434: Unrestricted Upload of File with Dangerous Type •