CVE-2020-15769
An issue was discovered in Gradle Enterprise 2020.2 – 2020.2.4. An XSS issue exists via the request URL.
Source: CVE-2020-15769
CVE-2020-15770
An issue was discovered in Gradle Enterprise 2018.5. There is a lack of lock-out after excessive failed login attempts. This allows a remote attacker to conduct brute-force guessing of a local user’s password.
Source: CVE-2020-15770
CVE-2020-15771
An issue was discovered in Gradle Enterprise 2018.2 and Gradle Enterprise Build Cache Node 4.1. CSRF mitigation can be bypassed because cross-site transmission of a cookie (containing a CSRF token) can occur.
Source: CVE-2020-15771
CVE-2020-15772
An issue was discovered in Gradle Enterprise 2018.5 – 2020.2.4. There is XXE with resultant SSRF via an uploaded SAML IDP configuration.
Source: CVE-2020-15772
CVE-2020-15774
An issue was discovered in Gradle Enterprise 2018.5 – 2020.2.4. Because of implicitly remembered user-login information, physically proximate attackers can use a user session after browser closure.
Source: CVE-2020-15774
CVE-2020-15775
An issue was discovered in Gradle Enterprise 2017.1 – 2020.2.4. Unrestricted access to a high-level system-usage summary allows an attacker to obtain project names and usage metrics.
Source: CVE-2020-15775
CVE-2020-15776
An issue was discovered in Gradle Enterprise 2018.2 – 2020.2.4. CSRF mitigation can be bypassed because the anti-CSRF token is in a cleartext cookie.
Source: CVE-2020-15776
CVE-2020-15768
An issue was discovered in Gradle Enterprise 2017.3 – 2020.2.4 and Gradle Enterprise Build Cache Node 1.0 – 9.2. Unrestricted HTTP header reflection allows remote attackers to obtain authentication cookies (if an XSS issue exists) via the /info/headers, /cache-info/headers, /admin-info/headers, /distribution-broker-info/headers, or /cache-node-info/headers path.
Source: CVE-2020-15768
CVE-2020-5606
Cross-site scripting vulnerability in WHR-G54S firmware 1.43 and earlier allows remote attackers to inject arbitrary script via a specially crafted page.
Source: CVE-2020-5606
CVE-2020-5629
UNIQLO App for Android versions 7.3.3 and earlier allows remote attackers to lead a user to access an arbitrary website via a malicious app created by a third party. As a result, if the access destination is a malicious website, the user may fall victim to a social engineering attack.
Source: CVE-2020-5629