CVE-2019-11403

Published: Apr 22, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

In Gradle Enterprise before 2018.5.2, Build Cache Nodes would reflect the configured password back when viewing the HTML page source of the settings page.

Affected (2)

Products: Gradle: Build Cache Node, Enterprise

Gradle

2 products

Build Cache Node

Enterprise

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Gradle Build Cache Node	Before 5.2
Gradle Enterprise	Before 2018.5.2

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

https://gradle.com/enterprise/releases/2018.5/#changes-2

Source: cve@mitre.org

Release NotesVendor Advisory

https://security.gradle.com/advisory/CVE-2019-11403

Source: cve@mitre.org

Vendor Advisory

https://gradle.com/enterprise/releases/2018.5/#changes-2

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://security.gradle.com/advisory/CVE-2019-11403

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.