CyberSec.Space Logo
返回 CVE 浏览器

CVE-2019-15052

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0360%
EPSS Percentile3.43th
Published2019年8月14日
Last Modified2024年11月21日

Vulnerability Description

The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for the configured host. If that host returns a 30x redirect, Gradle also sends those credentials to all subsequent hosts that the request redirects to. This is similar to CVE-2018-1000007.

Affected Platforms (CPE)

📦
Gradle

Gradle

< 5.6

References & Advisories

🔗 https://github.com/gradle/gradle/issues/10278
🔗 https://github.com/gradle/gradle/pull/10176
🔗 https://github.com/gradle/gradle/security/advisories/GHSA-4cwg-f7qc-6r95
🔗 https://github.com/gradle/gradle/issues/10278
🔗 https://github.com/gradle/gradle/pull/10176
🔗 https://github.com/gradle/gradle/security/advisories/GHSA-4cwg-f7qc-6r95

相关漏洞威胁

CVE-2020-119869.8

To be able to analyze gradle projects, the build scripts need to be executed. Apache NetBeans follows this pattern. This causes th...

CVE-2019-114039.8

In Gradle Enterprise before 2018.5.2, Build Cache Nodes would reflect the configured password back when viewing the HTML page sour...

CVE-2019-114029.8

In Gradle Enterprise before 2018.5.3, Build Cache Nodes did not store the credentials at rest in an encrypted format.

CVE-2021-415899.8

In Gradle Enterprise before 2021.3 (and Enterprise Build Cache Node before 10.0), there is potential cache poisoning and remote co...