Build scan Export API is susceptible to cross-origin requests
CVE-2020-15773
Affected product(s)
- Gradle Enterprise < 2020.2.4
Severity
High
Description
The build scan Export API allows cross-origin browser requests to consume the event data. An attacker with the ability to execute code in the browser of a user with an active login session could leverage this to access the Export API as that user.
Mitigation
Upgrade to Gradle Enterprise 2020.2.5.