Vulnerability Details CVE-2020-15773
An issue was discovered in Gradle Enterprise before 2020.2.4. Because of unrestricted cross-origin requests to read-only data in the Export API, an attacker can access data as a user (for the duration of the browser session) after previously explicitly authenticating with the API.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 37.2%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
Products affected by CVE-2020-15773
-
cpe:2.3:a:gradle:enterprise:2017.1
-
cpe:2.3:a:gradle:enterprise:2017.3
-
cpe:2.3:a:gradle:enterprise:2018.2
-
cpe:2.3:a:gradle:enterprise:2018.5
-
cpe:2.3:a:gradle:enterprise:2018.5.1
-
cpe:2.3:a:gradle:enterprise:2018.5.2
-
cpe:2.3:a:gradle:enterprise:2018.5.3
-
cpe:2.3:a:gradle:enterprise:2020.1
-
cpe:2.3:a:gradle:enterprise:2020.2