.

Request cookies containing CSRF prevention token are not same-site restricted

Affected product(s)

Gradle Enterprise 2018.2

Severity

Moderate

Published at

2020-09-15

Related CVE ID(s)

CVE-2020-15771

Description

Cross-site transmission of cookie containing CSRF token allows remote attacker to bypass CSRF mitigation.

Mitigation

Upgrade to Gradle Enterprise 2020.2.5.

Credit

This issue was responsibly reported by Compass Security.