#############################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#############################################################
#
# Product: Gradle Enterprise [1]
# Vendor:  Gradle
# CSNC ID: CSNC-2020-014
# CVE ID:  CVE-2020-15769
# Subject: Test distribution usage search form allows XSS
# Risk:    Medium
# Effect:  Remotely exploitable
# Author:  Marat Aytuganov
# Date:    12.10.2020
#
#############################################################

Introduction
------------
Gradle Enterprise is the tool of choice for the world’s most valuable
global business and technology brands that compete on the delivery speed
and quality of their code. Gradle Enterprise leverages acceleration
technologies to speed up the software build and test process and data
analytics to make troubleshooting more efficient. It is a key enabling
technology for the emerging discipline of Developer Productivity
Engineering. [1]

Affected
--------
Vulnerable:
 * Gradle Enterprise 2020.2 - 2020.2.4

Not vulnerable:
 * >= 2020.2.5

Technical Description
---------------------
The Test distribution usage search form uses parameters in the URI, which
are reflected in the HTTP response body after submitting the search. This
can be used to execute JavaScript in the context of an administrator that
clicks a link or visits a prepared web page.

Request-URI:
  https://gradle.localhost/admin/test-distribution/usage/24h?capabilities=%3C/script%3E%3Cscript%3Ealert(1)%3C/script%3E

Response:
  [CUT BY COMPASS]
  ["jdk=11","os=linux"],
  [{"value":""}]
  );
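
The following is an added example, not part of the Compass advisory and not Gradle Enterprise code. It assumes the reflected value is embedded as JSON inside an inline script block, as the response excerpt suggests, and contrasts JSON encoding alone with JSON encoding plus HTML-safe escaping. The names renderNaive, renderSafe and initSearchForm are hypothetical.

```javascript
// Added example; renderNaive, renderSafe and initSearchForm are hypothetical
// names, not taken from Gradle Enterprise.

// Constructed input: decoded `capabilities` value from the advisory's Request-URI.
const reflected = decodeURIComponent(
  "%3C/script%3E%3Cscript%3Ealert(1)%3C/script%3E");

// Weak pattern: JSON.stringify escapes quotes and backslashes but leaves
// "<", ">" and "/" untouched, so "</script>" survives inside the string.
function renderNaive(value) {
  const data = JSON.stringify([{ value }]);
  return `<script>initSearchForm(${data});</script>`;
}

// Hardened pattern: after JSON encoding, rewrite the characters that the HTML
// parser (or older JS engines, for U+2028/U+2029) treats specially as \uXXXX
// escapes. The result is still valid JSON and decodes to the same string.
const UNSAFE = /[<>&\u2028\u2029]/g;
function escapeForInlineScript(json) {
  return json.replace(UNSAFE, (c) =>
    "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0"));
}

function renderSafe(value) {
  const data = escapeForInlineScript(JSON.stringify([{ value }]));
  return `<script>initSearchForm(${data});</script>`;
}

// The HTML parser ends a script element at the first "</script" it meets,
// regardless of JavaScript string quoting. More than one occurrence means
// the reflected data closed the element before the intended end tag.
function scriptCloseTags(html) {
  return (html.match(/<\/script/gi) || []).length;
}

// Recover the embedded JSON argument to confirm the escaping is lossless.
function embeddedValue(html) {
  const m = html.match(/initSearchForm\((.*)\);<\/script>$/s);
  return JSON.parse(m[1])[0].value;
}

console.log("naive close tags:", scriptCloseTags(renderNaive(reflected)));
console.log("safe close tags: ", scriptCloseTags(renderSafe(reflected)));
console.log("round trip ok:   ", embeddedValue(renderSafe(reflected)) === reflected);
```

The same count can serve as a regression check in a test suite: any rendered page where user-controlled data raises the number of script end tags above the template's own count indicates missing output encoding.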