CVE-2020-15767

Опубликовано: 18 сент. 2020

Источник: nvd

CVSS3: 5.3

CVSS2: 2.6

EPSS Низкий

Описание

An issue was discovered in Gradle Enterprise before 2020.2.5. The cookie used to convey the CSRF prevention token is not annotated with the “secure” attribute, which allows an attacker with the ability to MITM plain HTTP requests to obtain it, if the user mistakenly uses a HTTP instead of HTTPS address to access the server. This cookie value could then be used to perform CSRF.

Ссылки

https://github.com/gradle/gradle/security/advisories
Third Party Advisory
https://security.gradle.com/advisory/CVE-2020-15767
Vendor Advisory
https://github.com/gradle/gradle/security/advisories
Third Party Advisory
https://security.gradle.com/advisory/CVE-2020-15767
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gradle:enterprise:*:*:*:*:*:*:*:*

Версия до 2020.2.5 (исключая)

EPSS

Процентиль: 34%

0.00135

Низкий

5.3 Medium

CVSS3

2.6 Low

CVSS2

Дефекты

CWE-311

Связанные уязвимости

GHSA-w2c9-99w6-qcrh

github

больше 3 лет назад

An issue was discovered in Gradle Enterprise before 2020.2.5. Lack of the secure attribute on the anti-CSRF cookie allows an attacker (with the ability to read HTTP traffic) to obtain a user's anti-CSRF token if the user initiates a cleartext HTTP request.