Information Disclosure in Gradle Enterprise by Gradle
CVE-2019-11403

9.8CRITICAL

Key Information:

Vendor

Gradle

Status
Enterprise
Build Cache Node
Vendor
CVE Published:
22 April 2019

What is CVE-2019-11403?

In Gradle Enterprise versions prior to 2018.5.2, an information disclosure vulnerability exists that allows Build Cache Nodes to potentially expose configured passwords. This occurs when users view the HTML page source of the settings page, enabling sensitive information to be reflected back. Proper updates and security measures are essential to mitigate risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://gradle.com/enterprise/releases/2018.5/#changes-2
x_refsource_MISC
https://security.gradle.com/advisory/CVE-2019-11403
x_refsource_CONFIRM

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.