Request cookies containing CSRF prevention token are not same-site restricted

Affected product(s)

  • Gradle Enterprise 2018.2

Severity

Moderate

Related CVE ID(s)

Description

Cross-site transmission of the cookie containing the CSRF token allows a remote attacker to bypass the CSRF mitigation.
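
A check for the condition described above, as an added example (not Gradle's code): it parses Set-Cookie header values and reports token cookies that are not restricted with SameSite=Strict or SameSite=Lax. The cookie names and header values are constructed placeholders, since the advisory does not name the cookie.

```python
from typing import Dict, List, Tuple

def parse_set_cookie(header: str) -> Tuple[str, Dict[str, str]]:
    """Split one Set-Cookie value into (cookie name, lower-cased attributes)."""
    first, *rest = header.split(";")
    name = first.partition("=")[0].strip()
    attrs: Dict[str, str] = {}
    for part in rest:
        key, _, val = part.partition("=")
        if key.strip():
            attrs[key.strip().lower()] = val.strip()  # last occurrence wins
    return name, attrs

def same_site_status(header: str) -> str:
    """Classify how a cookie is restricted on cross-site requests."""
    _, attrs = parse_set_cookie(header)
    value = attrs.get("samesite", "").lower()
    if value in ("strict", "lax"):
        return "restricted"
    if value == "none":
        return "cross-site"   # explicitly sent on cross-site requests
    return "unspecified"      # missing or unrecognised: browser default applies

def unrestricted_cookies(headers: List[str], token_cookies: List[str]) -> List[str]:
    """Names of CSRF-token cookies that are not same-site restricted."""
    flagged = []
    for header in headers:
        name, _ = parse_set_cookie(header)
        if name in token_cookies and same_site_status(header) != "restricted":
            flagged.append(name)
    return flagged

# Constructed sample headers; the cookie names are placeholders, since the
# advisory does not name the cookie.
SAMPLE_HEADERS = [
    "csrf-token-example=3f9a; Path=/; Secure; HttpOnly",
    "csrf-token-fixed=3f9a; Path=/; Secure; SameSite=Strict",
    "session-example=77aa; Path=/; SameSite=None; Secure",
]

if __name__ == "__main__":
    for h in SAMPLE_HEADERS:
        print(parse_set_cookie(h)[0], "->", same_site_status(h))
    print(unrestricted_cookies(SAMPLE_HEADERS,
                               ["csrf-token-example", "csrf-token-fixed"]))
```

A cookie reported as "unspecified" is governed by the browser's default SameSite handling, so only an explicit Strict or Lax value counts as restricted here.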

Mitigation

Upgrade to Gradle Enterprise 2020.2.5.

Credit

This issue was responsibly reported by Compass Security.