Build scan Export API is susceptible to cross-origin requests

Affected product(s)

  • Gradle Enterprise < 2020.2.4

Severity

High

Published at

2020-09-18

Related CVE ID(s)

Description

The build scan Export API allows cross-origin browser requests to consume the event data. An attacker with the ability to execute code in the browser of a user with an active login session could leverage this to access the Export API as that user.
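To make that condition concrete, the following added example (not part of the advisory and not Gradle code) implements the check a browser applies before it lets a cross-origin script read a response, and classifies a few constructed header sets. The advisory does not say how the Export API permitted the cross-origin read; the use of the standard CORS response headers is an assumption, as are every origin and header value shown.

```javascript
// Added example: the browser-side CORS check from the Fetch standard,
// applied to response headers. All origins and headers are constructed.

// True if a script on `pageOrigin` may read a response carrying `headers`
// for a request sent with (`withCredentials`) or without cookies.
function crossOriginReadable(pageOrigin, withCredentials, headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v.trim();
  const allowOrigin = h["access-control-allow-origin"];
  if (allowOrigin === undefined) return false;           // server did not opt in
  if (!withCredentials && allowOrigin === "*") return true;
  if (allowOrigin !== pageOrigin) return false;          // exact match only
  if (!withCredentials) return true;
  // With cookies the server must also opt in explicitly (case-sensitive).
  return h["access-control-allow-credentials"] === "true";
}

// Defender's view: can a page on an untrusted origin read the response
// using the logged-in user's session cookie?
function auditResponse(headers, untrustedOrigin) {
  if (crossOriginReadable(untrustedOrigin, true, headers)) return "session-readable";
  if (crossOriginReadable(untrustedOrigin, false, headers)) return "anonymous-readable";
  return "blocked";
}

// Constructed samples: headers a server might return to a request whose
// Origin header was https://untrusted.example (hypothetical names).
const SAMPLES = {
  reflectsOriginWithCredentials: {
    "Access-Control-Allow-Origin": "https://untrusted.example",
    "Access-Control-Allow-Credentials": "true",
  },
  wildcardWithCredentials: {
    "Access-Control-Allow-Origin": "*",
    "Access-Control-Allow-Credentials": "true",
  },
  pinnedToOwnOrigin: {
    "Access-Control-Allow-Origin": "https://ge.internal.example",
    "Access-Control-Allow-Credentials": "true",
  },
  noCorsHeaders: { "Content-Type": "text/plain" },
};

function auditAll(origin = "https://untrusted.example") {
  const out = {};
  for (const [name, hdrs] of Object.entries(SAMPLES)) out[name] = auditResponse(hdrs, origin);
  return out;
}
console.log(auditAll());
```

A result of `session-readable` is the case the description refers to: the response can be read by a script from another origin while the request carries the user's login session.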

Mitigation

Upgrade to Gradle Enterprise 2020.2.5.