Build scan Export API is susceptible to cross-origin requests

CVE-2020-15773

Affected product(s)

  • Gradle Enterprise < 2020.2.4

Severity

High

Description

The build scan Export API allows cross-origin browser requests to consume the event data. An attacker with the ability to execute code in the browser of a user with an active login session could leverage this to access the Export API as that user.

Mitigation

Upgrade to Gradle Enterprise 2020.2.5.