Test distribution usage search form allows XSS

CVE-2020-15769

Affected product(s)

  • Gradle Enterprise 2020.2 - 2020.2.4

Severity

Critical

Description

A cross-site scripting (XSS) vulnerability in Gradle Enterprise allows a remote attacker to execute arbitrary JavaScript via the request URL.

Mitigation

Upgrade to Gradle Enterprise 2020.2.5 or later.

Credit

This issue was responsibly reported by Compass Security.