CVE-2020-15774
First published: Fri Sep 18 2020(Updated: )
An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. An attacker with physical access to the browser of a user who has recently logged in to Gradle Enterprise and since closed their browser could reopen their browser to access Gradle Enterprise as that user.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Gradle Enterprise | >=2018.5<=2020.2.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue in Gradle Enterprise?
The vulnerability ID for this issue in Gradle Enterprise is CVE-2020-15774.
What is the severity of CVE-2020-15774?
The severity of CVE-2020-15774 is medium, with a CVSS score of 6.8.
In which versions of Gradle Enterprise does this vulnerability exist?
This vulnerability exists in Gradle Enterprise versions 2018.5 to 2020.2.4.
What is the impact of CVE-2020-15774?
CVE-2020-15774 allows an attacker with physical access to a user's browser to reopen the browser and gain access to Gradle Enterprise as the user.
Is there a fix available for CVE-2020-15774?
Yes, to mitigate this vulnerability, it is recommended to upgrade to a version of Gradle Enterprise beyond 2020.2.4.
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/gradle
- canonical/gradle enterprise
- version/gradle enterprise/2018.5
- version/gradle enterprise/2020.2.4