CVEブラウザに戻る

CVE-2019-11403

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.1780%

EPSS Percentile21.76th

Published2019年4月22日

Last Modified2024年11月21日

Vulnerability Description

In Gradle Enterprise before 2018.5.2, Build Cache Nodes would reflect the configured password back when viewing the HTML page source of the settings page.

Affected Platforms (CPE)

📦

Gradle

Build Cache Node

< 5.2

📦

Gradle

Enterprise

< 2018.5.2

References & Advisories

🔗 https://gradle.com/enterprise/releases/2018.5/#changes-2

🔗 https://security.gradle.com/advisory/CVE-2019-11403

🔗 https://gradle.com/enterprise/releases/2018.5/#changes-2

🔗 https://security.gradle.com/advisory/CVE-2019-11403

関連する脆弱性情報

CVE-2019-114029.8

In Gradle Enterprise before 2018.5.3, Build Cache Nodes did not store the credentials at rest in an encrypted format.

CVE-2021-415899.8

In Gradle Enterprise before 2021.3 (and Enterprise Build Cache Node before 10.0), there is potential cache poisoning and remote co...

CVE-2020-157687.5

An issue was discovered in Gradle Enterprise 2017.3 - 2020.2.4 and Gradle Enterprise Build Cache Node 1.0 - 9.2. Unrestricted HTTP...

CVE-2020-157717.5

An issue was discovered in Gradle Enterprise 2018.2 and Gradle Enterprise Build Cache Node 4.1. Cross-site transmission of cookie ...