Cross-Site Request Forgery Vulnerability in Gradle Enterprise and Build Cache Node
CVE-2020-15771

7.5HIGH

Key Information:

Vendor

Gradle

Status
Enterprise Cache Node
Enterprise
Vendor
CVE Published:
18 September 2020

What is CVE-2020-15771?

A serious security issue has been identified in Gradle Enterprise versions, allowing for cross-site transmission of cookies containing CSRF tokens. This flaw enables a remote attacker to bypass CSRF mitigation measures, posing significant risks to user sessions and data integrity. Users are advised to review their security configurations and apply necessary updates to mitigate potential attacks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/gradle/gradle/security/advisories
x_refsource_MISC
https://security.gradle.com/advisory/CVE-2020-15771
x_refsource_CONFIRM

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.