All advisories

Build project names and build volumes are accessible without authentication

Affected product(s)

  • Gradle Enterprise 2017.1 - Gradle Enterprise 2020.2.4

Severity

Moderate

Related CVE ID(s)

Description

The /usage page of Gradle Enterprise conveys high level build information such as project names and build counts over time. This page is incorrectly viewable anonymously.

Mitigation

Upgrade to Gradle Enterprise 2020.2.5.

Credit

This issue was responsibly reported by Compass Security.