CVE-2020-15767

Posted on by admin

CVE-2020-15767

An issue was discovered in Gradle Enterprise before 2020.2.5. Lack of the secure attribute on the anti-CSRF cookie allows an attacker (with the ability to read HTTP traffic) to obtain a user’s anti-CSRF token if the user initiates a cleartext HTTP request.

Source: CVE-2020-15767

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다