First published: Fri Sep 24 2021(Updated: )
Gradle Enterprise before 2021.1.3 can allow unauthorized viewing of a response (information disclosure of possibly sensitive build/configuration details) via a crafted HTTP request with the X-Gradle-Enterprise-Ajax-Request header.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Gradle Gradle | >=2020.4<2021.1.3 | |
>=2020.4<2021.1.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-41584 is a vulnerability in Gradle Enterprise before version 2021.1.3 that can allow unauthorized viewing of a response, resulting in information disclosure of potentially sensitive build and configuration details.
CVE-2021-41584 allows unauthorized users to view responses, potentially exposing sensitive build and configuration information in Gradle Enterprise.
CVE-2021-41584 has a severity rating of high (7.5).
To fix CVE-2021-41584, upgrade Gradle Enterprise to version 2021.1.3 or newer.
More information about CVE-2021-41584 can be found at the following URL: https://security.gradle.com/advisory/2021-02