CVE-2019-11403

CRITICAL

9.8

Description

In Gradle Enterprise before 2018.5.2, Build Cache Nodes would reflect the configured password back when viewing the HTML page source of the settings page.

CVE Details

CVSS v3.1 Score9.8

SeverityCRITICAL

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionNONE

Published4/22/2019

Last Modified11/21/2024

Sourcenvd

Honeypot Sightings0

Affected Products

gradle:build_cache_nodegradle:enterprise

Weaknesses (CWE)

CWE-200

References

https://gradle.com/enterprise/releases/2018.5/#changes-2(cve@mitre.org)

https://security.gradle.com/advisory/CVE-2019-11403(cve@mitre.org)

https://gradle.com/enterprise/releases/2018.5/#changes-2(af854a3a-2127-422b-91ae-364da2661108)

https://security.gradle.com/advisory/CVE-2019-11403(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.