Headline
CVE-2020-15775: Gradle Enterprise - Security Advisories
An issue was discovered in Gradle Enterprise 2017.1 - 2020.2.4. The /usage page of Gradle Enterprise conveys high level build information such as project names and build counts over time. This page is incorrectly viewable anonymously.
All advisoriesBuild project names and build volumes are accessible without authentication
Affected product(s)
- Gradle Enterprise 2017.1 - Gradle Enterprise 2020.2.4
Severity
Moderate
Published at
2020-09-15
Related CVE ID(s)
- CVE-2020-15775
Description
The /usage page of Gradle Enterprise conveys high level build information such as project names and build counts over time. This page is incorrectly viewable anonymously.
Mitigation
Upgrade to Gradle Enterprise 2020.2.5.
Credit
This issue was responsibly reported by Compass Security.