Build scan Export API is susceptible to cross-origin requests
- Gradle Enterprise < 2020.2.4
Related CVE ID(s)
The build scan Export API allows cross-origin browser requests to consume the event data. An attacker with the ability to execute code in the browser of a user with an active login session could leverage this to access the Export API as that user.
Upgrade to Gradle Enterprise 2020.2.5.