CVE-2020-15775
https://notcve.org/view.php?id=CVE-2020-15775
An issue was discovered in Gradle Enterprise 2017.1 - 2020.2.4. The /usage page of Gradle Enterprise conveys high level build information such as project names and build counts over time. This page is incorrectly viewable anonymously. Se detectó un problema en Gradle Enterprise versiones 2017.1 - 2020.2.4. La página de uso de Gradle Enterprise transmite información de alto nivel como nombres de proyectos y recuentos de construcción a lo largo del tiempo. • https://github.com/gradle/gradle/security/advisories https://security.gradle.com/advisory/CVE-2020-15775 • CWE-922: Insecure Storage of Sensitive Information •
CVE-2020-15776
https://notcve.org/view.php?id=CVE-2020-15776
An issue was discovered in Gradle Enterprise 2018.2 - 2020.2.4. The CSRF prevention token is stored in a request cookie that is not annotated as HttpOnly. An attacker with the ability to execute arbitrary code in a user's browser could impose an arbitrary value for this token, allowing them to perform cross-site request forgery. Se detecto un problema en el Gradle Enterprise versiones 2018.2 - 2020.2.4. El token de prevención del CSRF se almacena en una cookie de petición que no está anotada como HttpOnly. • https://cwe.mitre.org/data/definitions/1004.html https://github.com/gradle/gradle/security/advisories https://security.gradle.com/advisory/CVE-2020-15776 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2020-15768
https://notcve.org/view.php?id=CVE-2020-15768
An issue was discovered in Gradle Enterprise 2017.3 - 2020.2.4 and Gradle Enterprise Build Cache Node 1.0 - 9.2. Unrestricted HTTP header reflection in Gradle Enterprise allows remote attackers to obtain authentication cookies, if they are able to discover a separate XSS vulnerability. This potentially allows an attacker to impersonate another user. Gradle Enterprise affected application request paths:/info/headers, /cache-info/headers, /admin-info/headers, /distribution-broker-info/headers. Gradle Enterprise Build Cache Node affected application request paths:/cache-node-info/headers. • https://github.com/gradle/gradle/security/advisories https://security.gradle.com/advisory/CVE-2020-15768 •
CVE-2020-15769
https://notcve.org/view.php?id=CVE-2020-15769
An issue was discovered in Gradle Enterprise 2020.2 - 2020.2.4. An XSS issue exists via the request URL. Se detectó un problema en Gradle Enterprise versiones 2020.2 - 2020.2.4. Se presenta un problema de tipo XSS por medio de una URL de petición • https://github.com/gradle/gradle/security/advisories https://security.gradle.com/advisory/CVE-2020-15769 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-7272 – Optergy 2.3.0a - Username Disclosure
https://notcve.org/view.php?id=CVE-2019-7272
Optergy Proton/Enterprise devices allow Username Disclosure. Los dispositivos Optergy Proton/Enterprise permiten la divulgación del nombre de usuario. • https://www.exploit-db.com/exploits/47640 http://packetstormsecurity.com/files/155259/Optergy-BMS-2.0.3a-Account-Reset-Username-Disclosure.html http://www.securityfocus.com/bid/108686 https://applied-risk.com/labs/advisories https://www.applied-risk.com/resources/ar-2019-008 • CWE-862: Missing Authorization •