Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2020-15775: Gradle Enterprise - Security Advisories

An issue was discovered in Gradle Enterprise 2017.1 - 2020.2.4. The /usage page of Gradle Enterprise conveys high level build information such as project names and build counts over time. This page is incorrectly viewable anonymously.

CVE
#java#auth#gradle

All advisoriesBuild project names and build volumes are accessible without authentication

Affected product(s)

  • Gradle Enterprise 2017.1 - Gradle Enterprise 2020.2.4

Severity

Moderate

Published at

2020-09-15

Related CVE ID(s)

  • CVE-2020-15775

Description

The /usage page of Gradle Enterprise conveys high level build information such as project names and build counts over time. This page is incorrectly viewable anonymously.

Mitigation

Upgrade to Gradle Enterprise 2020.2.5.

Credit

This issue was responsibly reported by Compass Security.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907