PT-2020-14621 · Gradle · Gradle Enterprise
Published
2020-09-18
·
Updated
2022-09-30
·
CVE-2020-15774
CVSS v3.1
6.8
Medium
| Vector | AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Gradle Enterprise versions 2018.5 through 2020.2.4
Description
An issue was discovered where an attacker with physical access to the browser of a user who has recently logged in to Gradle Enterprise and since closed their browser could reopen their browser to access Gradle Enterprise as that user.
Recommendations
For Gradle Enterprise versions 2018.5 through 2020.2.4, update to a version that contains a fix for this issue to prevent unauthorized access.
Fix
Insufficient Session Expiration
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Gradle Enterprise