Build project names and build volumes are accessible without authentication
Affected product(s)
- Gradle Enterprise 2017.1 - Gradle Enterprise 2020.2.4
Severity
Moderate
Published at
2020-09-15
Related CVE ID(s)
Description
The /usage page of Gradle Enterprise conveys high level build information such as project names and build counts over time.
This page is incorrectly viewable anonymously.
Mitigation
Upgrade to Gradle Enterprise 2020.2.5.
Credit
This issue was responsibly reported by Compass Security.