All advisories

Build cache credentials are stored unencrypted at rest

CVE-2019-11402

Affected product(s)

  • Gradle Enterprise < 2018.5.3
  • Gradle Enterprise Build Cache Node < 6.0

Severity

High

Description

Build cache user credentials are stored unencrypted at the Gradle Enterprise server, and build cache nodes. An attacker gaining access to the server can obtain the passwords used to access the cache via the HTTP interface.

Mitigation

Upgrade to Gradle Enterprise 2018.5.3 and/or Gradle Enterprise Build Cache Node 6.0.