CyberSec.Space Logo
Back to CVE Browser

CVE-2019-11403

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1780%
EPSS Percentile21.76th
PublishedApr 22, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

In Gradle Enterprise before 2018.5.2, Build Cache Nodes would reflect the configured password back when viewing the HTML page source of the settings page.

Affected Platforms (CPE)

πŸ“¦
Gradle

Build Cache Node

< 5.2
πŸ“¦
Gradle

Enterprise

< 2018.5.2

References & Advisories

πŸ”— https://gradle.com/enterprise/releases/2018.5/#changes-2
πŸ”— https://security.gradle.com/advisory/CVE-2019-11403
πŸ”— https://gradle.com/enterprise/releases/2018.5/#changes-2
πŸ”— https://security.gradle.com/advisory/CVE-2019-11403

Related Vulnerabilities

CVE-2019-114029.8

In Gradle Enterprise before 2018.5.3, Build Cache Nodes did not store the credentials at rest in an encrypted format.

CVE-2021-415899.8

In Gradle Enterprise before 2021.3 (and Enterprise Build Cache Node before 10.0), there is potential cache poisoning and remote co...

CVE-2020-157687.5

An issue was discovered in Gradle Enterprise 2017.3 - 2020.2.4 and Gradle Enterprise Build Cache Node 1.0 - 9.2. Unrestricted HTTP...

CVE-2020-157717.5

An issue was discovered in Gradle Enterprise 2018.2 and Gradle Enterprise Build Cache Node 4.1. Cross-site transmission of cookie ...