CVE-2020-15772

by Fred · 18/09/2020

An issue was discovered in Gradle Enterprise 2018.5 – 2020.2.4. When configuring Gradle Enterprise to integrate with a SAML identity provider, an XML metadata file can be uploaded by an administrator. The server side processing of this file dereferences XML External Entities (XXE), allowing a remote attacker with administrative access to perform server side request forgery.

Date published : 2020-09-18

https://security.gradle.com/advisory/CVE-2020-15772

https://github.com/gradle/gradle/security/advisories

CVE-2020-15772

Similar

Recent Posts

Categories

CVE-2020-15772

Share this:

Similar

Recent Posts

Categories

Tags