Page 3 of 16 results (0.010 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Gradle Enterprise 2017.1 - 2020.2.4. The /usage page of Gradle Enterprise conveys high level build information such as project names and build counts over time. This page is incorrectly viewable anonymously. Se detectó un problema en Gradle Enterprise versiones 2017.1 - 2020.2.4. La página de uso de Gradle Enterprise transmite información de alto nivel como nombres de proyectos y recuentos de construcción a lo largo del tiempo. • https://github.com/gradle/gradle/security/advisories https://security.gradle.com/advisory/CVE-2020-15775 • CWE-922: Insecure Storage of Sensitive Information •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Gradle Enterprise 2018.2 - 2020.2.4. The CSRF prevention token is stored in a request cookie that is not annotated as HttpOnly. An attacker with the ability to execute arbitrary code in a user's browser could impose an arbitrary value for this token, allowing them to perform cross-site request forgery. Se detecto un problema en el Gradle Enterprise versiones 2018.2 - 2020.2.4. El token de prevención del CSRF se almacena en una cookie de petición que no está anotada como HttpOnly. • https://cwe.mitre.org/data/definitions/1004.html https://github.com/gradle/gradle/security/advisories https://security.gradle.com/advisory/CVE-2020-15776 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

An issue was discovered in Gradle Enterprise 2017.3 - 2020.2.4 and Gradle Enterprise Build Cache Node 1.0 - 9.2. Unrestricted HTTP header reflection in Gradle Enterprise allows remote attackers to obtain authentication cookies, if they are able to discover a separate XSS vulnerability. This potentially allows an attacker to impersonate another user. Gradle Enterprise affected application request paths:/info/headers, /cache-info/headers, /admin-info/headers, /distribution-broker-info/headers. Gradle Enterprise Build Cache Node affected application request paths:/cache-node-info/headers. • https://github.com/gradle/gradle/security/advisories https://security.gradle.com/advisory/CVE-2020-15768 •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Gradle Enterprise 2020.2 - 2020.2.4. An XSS issue exists via the request URL. Se detectó un problema en Gradle Enterprise versiones 2020.2 - 2020.2.4. Se presenta un problema de tipo XSS por medio de una URL de petición • https://github.com/gradle/gradle/security/advisories https://security.gradle.com/advisory/CVE-2020-15769 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

In Gradle Enterprise before 2018.5.2, Build Cache Nodes would reflect the configured password back when viewing the HTML page source of the settings page. En Gradle Enterprise versiones anteriores a 2018.5.2, Build Cache Nodes reflejaría la contraseña configurada al ver el código fuente HTML de la página de configuración. • https://gradle.com/enterprise/releases/2018.5/#changes-2 https://security.gradle.com/advisory/CVE-2019-11403 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •