Headline
CVE-2020-15771: Gradle Enterprise - Security Advisories
An issue was discovered in Gradle Enterprise 2018.2 and Gradle Enterprise Build Cache Node 4.1. Cross-site transmission of cookie containing CSRF token allows remote attacker to bypass CSRF mitigation.
All advisoriesRequest cookies containing CSRF prevention token are not same-site restricted
Affected product(s)
- Gradle Enterprise 2018.2
Severity
Moderate
Published at
2020-09-15
Related CVE ID(s)
- CVE-2020-15771
Description
Cross-site transmission of cookie containing CSRF token allows remote attacker to bypass CSRF mitigation.
Mitigation
Upgrade to Gradle Enterprise 2020.2.5.
Credit
This issue was responsibly reported by Compass Security.