Headline
CVE-2020-15768: Gradle Enterprise - Security Advisories
An issue was discovered in Gradle Enterprise 2017.3 - 2020.2.4 and Gradle Enterprise Build Cache Node 1.0 - 9.2. Unrestricted HTTP header reflection in Gradle Enterprise allows remote attackers to obtain authentication cookies, if they are able to discover a separate XSS vulnerability. This potentially allows an attacker to impersonate another user. Gradle Enterprise affected application request paths:/info/headers, /cache-info/headers, /admin-info/headers, /distribution-broker-info/headers. Gradle Enterprise Build Cache Node affected application request paths:/cache-node-info/headers.
All advisoriesPotential disclosure of session cookies via header reflection
Affected product(s)
- Gradle Enterprise 2017.3 - 2020.2.4
- Gradle Enterprise Build Cache Node 1.0 - 9.2
Severity
Critical
Published at
2020-09-15
Related CVE ID(s)
- CVE-2020-15768
Description
Unrestricted HTTP header reflection in Gradle Enterprise allows remote attackers to obtain authentication cookies, if they are able to discover a separate XSS vulnerability. This potentially allows an attacker to impersonate another user.
Gradle Enterprise affected application request paths:
- /info/headers
- /cache-info/headers
- /admin-info/headers
- /distribution-broker-info/headers
Gradle Enterprise Build Cache Node affected application request paths:
- /cache-node-info/headers
Mitigation
The issue can be mitigated by upgrading to:
- Gradle Enterprise 2020.2.5
- Gradle Build Cache Node 9.3
Or alternatively by blocking the above request paths.
Credit
This issue was responsibly reported by Compass Security.