exploitDog

CVE-2020-15773

Опубликовано: 18 сент. 2020

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

An issue was discovered in Gradle Enterprise before 2020.2.4. Because of unrestricted cross-origin requests to read-only data in the Export API, an attacker can access data as a user (for the duration of the browser session) after previously explicitly authenticating with the API.

Ссылки

https://github.com/gradle/gradle/security/advisories
Third Party Advisory
https://security.gradle.com/advisory/CVE-2020-15773
Vendor Advisory
https://github.com/gradle/gradle/security/advisories
Third Party Advisory
https://security.gradle.com/advisory/CVE-2020-15773
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gradle:enterprise:*:*:*:*:*:*:*:*

Версия до 2020.2.4 (исключая)

EPSS

Процентиль: 36%

0.00153

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-346

Связанные уязвимости

GHSA-cmqx-vr89-j979

github

больше 3 лет назад

An issue was discovered in Gradle Enterprise before 2020.2.4. Because of unrestricted cross-origin requests to read-only data in the Export API, an attacker can access data as a user (for the duration of the browser session) after previously explicitly authenticating with the API.

EPSS

Процентиль: 36%

0.00153

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-346