Description
An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. An attacker with physical access to the browser of a user who has recently logged in to Gradle Enterprise and since closed their browser could reopen their browser to access Gradle Enterprise as that user.
References
- Third Party Advisory
- Vendor Advisory
- Third Party Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1: versions from 2018.5 (inclusive) to 2020.2.4 (inclusive)
cpe:2.3:a:gradle:enterprise:*:*:*:*:*:*:*:*
EPSS: 0.00054 (Low), percentile: 17%
CVSS3: 6.8 Medium
CVSS2: 4.6 Medium
Weaknesses
CWE-613
Related vulnerabilities
CVSS3: 6.8
github
more than 3 years ago
An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. Because of implicitly remembered user-login information, physically proximate attackers can use a user session after browser closure.