Gradle Enterprise Security Advisories
The following is a list of security advisories relating to Gradle Enterprise and its associated components.
Gradle build tool security advisories can be found here.
| Published at | Identifier | Severity | Title |
|---|---|---|---|
| 2021-02-08 | CVE-2021-26719 | High | Potential compromise of build or agent environment by test distribution agent or client imposter |
| 2020-09-15 | CVE-2020-15769 | Critical | Test distribution usage search form allows XSS |
| 2020-09-15 | CVE-2020-15768 | Critical | Potential disclosure of session cookies via header reflection |
| 2020-09-15 | CVE-2020-15776 | High | CSRF prevention token is overridable by user code |
| 2020-09-15 | CVE-2020-15775 | Moderate | Build project names and build volumes are accessible without authentication |
| 2020-09-15 | CVE-2020-15774 | Moderate | Login sessions are not terminated on browser closure |
| 2020-09-15 | CVE-2020-15772 | Moderate | SAML IDP metadata XML upload is vulnerable to server-side request forgery via XXE injection |
| 2020-09-15 | CVE-2020-15771 | Moderate | Request cookies containing CSRF prevention token are not same-site restricted |
| 2020-09-15 | CVE-2020-15770 | Moderate | Local user login is susceptible to brute force password guessing |
| 2020-09-15 | CVE-2020-15767 | Moderate | CSRF prevention cookie is susceptible to capture by MITM on HTTP redirect |
| 2020-07-15 | CVE-2020-15777 | Critical | Potential local privilege escalation during build due to unrestricted input deserialization |
| 2019-04-22 | CVE-2019-11403 | High | Build cache credentials are reflected in administration screens |
| 2019-04-22 | CVE-2019-11402 | High | Build cache credentials are stored unencrypted at rest |
| 2018-08-21 | CVE-2020-15773 | High | Build scan Export API is susceptible to cross-origin requests |