CyberSec.Space Logo
Back to CVE Browser

CVE-2020-15768

HIGH
7.5
CVSS Severity Score
EPSS Score0.0110%
EPSS Percentile23.36th
PublishedSep 18, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

An issue was discovered in Gradle Enterprise 2017.3 - 2020.2.4 and Gradle Enterprise Build Cache Node 1.0 - 9.2. Unrestricted HTTP header reflection in Gradle Enterprise allows remote attackers to obtain authentication cookies, if they are able to discover a separate XSS vulnerability. This potentially allows an attacker to impersonate another user. Gradle Enterprise affected application request paths:/info/headers, /cache-info/headers, /admin-info/headers, /distribution-broker-info/headers. Gradle Enterprise Build Cache Node affected application request paths:/cache-node-info/headers.

Affected Platforms (CPE)

πŸ“¦
Gradle

Enterprise

>= 2017.3 and <= 2020.2.4
πŸ“¦
Gradle

Enterprise Cache Node

>= 1.0 and <= 9.2

References & Advisories

πŸ”— https://github.com/gradle/gradle/security/advisories
πŸ”— https://security.gradle.com/advisory/CVE-2020-15768
πŸ”— https://github.com/gradle/gradle/security/advisories
πŸ”— https://security.gradle.com/advisory/CVE-2020-15768

Related Vulnerabilities

CVE-2026-53430

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Mes...

CVE-2026-48854

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust...

CVE-2026-48853

Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc all...

CVE-2026-487237.8

The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36...