Количество 2
Количество 2
CVE-2020-7599
All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File. When a plugin author publishes a Gradle plugin while running Gradle with the --info log level flag, the Gradle Logger logs an AWS pre-signed URL. If this build log is publicly visible (as it is in many popular public CI systems like TravisCI) this AWS pre-signed URL would allow a malicious actor to replace a recently uploaded plugin with their own.
GHSA-cv78-v957-jx34
Exposure of Sensitive Information in Gradle publish plugin
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2020-7599 All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File. When a plugin author publishes a Gradle plugin while running Gradle with the --info log level flag, the Gradle Logger logs an AWS pre-signed URL. If this build log is publicly visible (as it is in many popular public CI systems like TravisCI) this AWS pre-signed URL would allow a malicious actor to replace a recently uploaded plugin with their own. | CVSS3: 6.5 | 0% Низкий | почти 6 лет назад |
| GHSA-cv78-v957-jx34 Exposure of Sensitive Information in Gradle publish plugin | CVSS3: 6.5 | 0% Низкий | больше 3 лет назад |
Уязвимостей на страницу