返回 CVE 浏览器

CVE-2020-15768

HIGH

7.5

CVSS Severity Score

EPSS Score0.0110%

EPSS Percentile23.36th

Published2020年9月18日

Last Modified2024年11月21日

Vulnerability Description

An issue was discovered in Gradle Enterprise 2017.3 - 2020.2.4 and Gradle Enterprise Build Cache Node 1.0 - 9.2. Unrestricted HTTP header reflection in Gradle Enterprise allows remote attackers to obtain authentication cookies, if they are able to discover a separate XSS vulnerability. This potentially allows an attacker to impersonate another user. Gradle Enterprise affected application request paths:/info/headers, /cache-info/headers, /admin-info/headers, /distribution-broker-info/headers. Gradle Enterprise Build Cache Node affected application request paths:/cache-node-info/headers.

Affected Platforms (CPE)

📦

Gradle

Enterprise

>= 2017.3 and <= 2020.2.4

📦

Gradle

Enterprise Cache Node

>= 1.0 and <= 9.2

References & Advisories

🔗 https://github.com/gradle/gradle/security/advisories

🔗 https://security.gradle.com/advisory/CVE-2020-15768

🔗 https://github.com/gradle/gradle/security/advisories

🔗 https://security.gradle.com/advisory/CVE-2020-15768

相关漏洞威胁

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Mes...

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust...

Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc all...

CVE-2026-487237.8

The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36...