RSS   Vulnerabilities for 'Enterprise cache node'   RSS

2020-09-18
 
CVE-2020-15771

CWE-311
 
 
An issue was discovered in Gradle Enterprise 2018.2 and Gradle Enterprise Build Cache Node 4.1. CSRF mitigation can be bypassed because cross-site transmission of a cookie (containing a CSRF token) can occur.

 
 
CVE-2020-15768

NVD-CWE-Other
 
 
An issue was discovered in Gradle Enterprise 2017.3 - 2020.2.4 and Gradle Enterprise Build Cache Node 1.0 - 9.2. Unrestricted HTTP header reflection allows remote attackers to obtain authentication cookies (if an XSS issue exists) via the /info/headers, /cache-info/headers, /admin-info/headers, /distribution-broker-info/headers, or /cache-node-info/headers path.

 

 >>> Vendor: Gradle 9 Products
Enterprise
Maven
Gradle
Plugin publishing
Enterprise cache node
Enterprise test distribution agent
Test distribution
Build cache node
Gradle enterprise

Copyright 2024, cxsecurity.com

 

Back to Top