CVE-2021-41584
First published: Fri Sep 24 2021(Updated: )
Gradle Enterprise before 2021.1.3 can allow unauthorized viewing of a response (information disclosure of possibly sensitive build/configuration details) via a crafted HTTP request with the X-Gradle-Enterprise-Ajax-Request header.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Gradle Gradle | >=2020.4<2021.1.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-41584?
CVE-2021-41584 is a vulnerability in Gradle Enterprise before version 2021.1.3 that can allow unauthorized viewing of a response, resulting in information disclosure of potentially sensitive build and configuration details.
How does CVE-2021-41584 impact Gradle Enterprise?
CVE-2021-41584 allows unauthorized users to view responses, potentially exposing sensitive build and configuration information in Gradle Enterprise.
What is the severity of CVE-2021-41584?
CVE-2021-41584 has a severity rating of high (7.5).
How can I fix CVE-2021-41584?
To fix CVE-2021-41584, upgrade Gradle Enterprise to version 2021.1.3 or newer.
Where can I find more information about CVE-2021-41584?
More information about CVE-2021-41584 can be found at the following URL: https://security.gradle.com/advisory/2021-02
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/gradle
- canonical/gradle gradle
- version/gradle gradle/2020.4