Test distribution usage search form allows XSS

Affected product(s)

  • Gradle Enterprise 2020.2 - 2020.2.4

Severity

Critical

Published at

2020-09-15

Related CVE ID(s)

Description

A cross-site scripting (XSS) vulnerability in Gradle Enterprise allows a remote attacker to execute arbitrary JavaScript via the request URL.

Mitigation

Upgrade to Gradle Enterprise 2020.2.5 or later.

Credit

This issue was responsibly reported by Compass Security.