Vulnerabilities for Enterprise cache node (...) - CXSECURITY.COM

Vulnerabilities for 'Enterprise cache node'

2020-09-18

CVE-2020-15771

CWE-311

An issue was discovered in Gradle Enterprise 2018.2 and Gradle Enterprise Build Cache Node 4.1. CSRF mitigation can be bypassed because cross-site transmission of a cookie (containing a CSRF token) can occur.

CVE-2020-15768

NVD-CWE-Other

An issue was discovered in Gradle Enterprise 2017.3 - 2020.2.4 and Gradle Enterprise Build Cache Node 1.0 - 9.2. Unrestricted HTTP header reflection allows remote attackers to obtain authentication cookies (if an XSS issue exists) via the /info/headers, /cache-info/headers, /admin-info/headers, /distribution-broker-info/headers, or /cache-node-info/headers path.

>>> Vendor: Gradle 9 Products

Plugin publishing

Enterprise cache node

Enterprise test distribution agent

Test distribution

Build cache node

Gradle enterprise

Copyright 2024, cxsecurity.com