Request cookies containing CSRF prevention token are not same-site restricted

CVE-2020-15771

Affected product(s)

  • Gradle Enterprise 2018.2

Severity

Moderate

Description

Cross-site transmission of the cookie containing the CSRF token allows a remote attacker to bypass the CSRF mitigation.
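
The condition described above can be checked from a server's Set-Cookie response headers. The following Python check is an added example, not Gradle Enterprise code; the cookie name csrf-token and the header values are constructed placeholders.

```python
# Added example: flag token cookies whose Set-Cookie header lacks a SameSite restriction.
# The cookie name and header values are constructed; they are not Gradle Enterprise's.

def parse_set_cookie(header):
    """Split one Set-Cookie value into (cookie name, lower-cased attribute dict)."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs

def samesite_finding(header):
    """Return None when the cookie is same-site restricted, else the reason it is not."""
    name, attrs = parse_set_cookie(header)
    if "samesite" not in attrs:
        return f"{name}: no SameSite attribute (handling left to the browser default)"
    value = attrs["samesite"].lower()  # attribute values are case-insensitive
    if value in ("lax", "strict"):
        return None
    if value == "none":
        return f"{name}: SameSite=None allows cross-site transmission"
    return f"{name}: unrecognised SameSite value {attrs['samesite']!r}"

def audit(headers, token_cookies):
    """Check only the cookies named in token_cookies; return a list of findings."""
    findings = []
    for header in headers:
        name, _ = parse_set_cookie(header)
        if name in token_cookies:
            finding = samesite_finding(header)
            if finding:
                findings.append(finding)
    return findings

# Constructed sample input: one header per response being checked.
SAMPLE_HEADERS = [
    "csrf-token=abc123; Path=/; Secure; HttpOnly",
    "csrf-token=abc123; Path=/; Secure; SameSite=None",
    "csrf-token=abc123; Path=/; Secure; HttpOnly; SameSite=Strict",
    "theme=dark; Path=/",
]

if __name__ == "__main__":
    for line in audit(SAMPLE_HEADERS, {"csrf-token"}):
        print(line)
```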

Mitigation

Upgrade to Gradle Enterprise 2020.2.5.

Credit

This issue was responsibly reported by Compass Security.