CVE-2020-15773

Published: Sep 18, 2020Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

An issue was discovered in Gradle Enterprise before 2020.2.4. Because of unrestricted cross-origin requests to read-only data in the Export API, an attacker can access data as a user (for the duration of the browser session) after previously explicitly authenticating with the API.

Affected (1)

Products: Gradle: Enterprise

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Gradle Enterprise	Before 2020.2.4

Related CWEs

Origin Validation Error

The product does not properly verify that the source of data or communication is valid.

References (4)

https://github.com/gradle/gradle/security/advisories

Source: cve@mitre.org

Third Party Advisory

https://security.gradle.com/advisory/CVE-2020-15773

Source: cve@mitre.org

Vendor Advisory

https://github.com/gradle/gradle/security/advisories

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://security.gradle.com/advisory/CVE-2020-15773

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.