PT-2020-14622 · Gradle · Gradle Enterprise
Published: 2020-09-18 · Updated: 2022-09-30
CVE-2020-15775
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Gradle Enterprise versions 2017.1 through 2020.2.4
Description
An issue was discovered where the /usage page of Gradle Enterprise conveys high-level build information, such as project names and build counts over time, and this page is incorrectly viewable anonymously.
Recommendations
For Gradle Enterprise versions 2017.1 through 2020.2.4, restrict access to the /usage page to prevent anonymous viewing.
Fix
Insecure Storage of Sensitive Information
Affected Products
Gradle Enterprise