#############################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#############################################################
#
# Product: Gradle Enterprise [1]
# Vendor:  Gradle
# CSNC ID: CSNC-2020-015
# CVE ID:  CVE-2020-15768
# Subject: Potential disclosure of session cookies via header reflection
# Risk:    Low
# Effect:  Remotely exploitable
# Author:  Marat Aytuganov
# Date:    12.10.2020
#
#############################################################

Introduction
------------
Gradle Enterprise is the tool of choice for the world’s most valuable global
business and technology brands that compete on the delivery speed and quality
of their code. Gradle Enterprise leverages acceleration technologies to speed
up the software build and test process and data analytics to make
troubleshooting more efficient. It is a key enabling technology for the
emerging discipline of Developer Productivity Engineering. [1]

Affected
--------
Vulnerable:
 * Gradle Enterprise 2017.3 - 2020.2.4
 * Gradle Enterprise Build Cache Node 1.0 - 9.2

Not vulnerable:
 * 2020.2.5

Technical Description
---------------------
Gradle Enterprise exposes endpoints that reflect the HTTP request headers in
the body of the HTTP response. Because the browser attaches cookies to the
request, the reflected headers include cookies that the HttpOnly flag would
otherwise hide from scripts. These endpoints can therefore be used in a
Cross-Site Scripting attack (see CVE-2020-15769) to extract authentication
cookies that are protected with the HttpOnly flag and steal the sessions of
users and administrators.

Gradle Enterprise affected application request paths:
  /info/headers
  /cache-info/headers
  /admin-info/headers
  /distribution-broker-info/headers

Gradle Enterprise Build Cache Node affected application request paths:
  /cache-node-info/headers

Workaround / Fix
----------------
Upgrade to Gradle Enterprise 2020.2.5 or later.
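
Added example (not part of the original advisory, and not Compass Security or Gradle code): a triage helper that checks an installed version against the ranges listed under "Affected" and pulls requests to the reflecting paths out of an access log. The Common Log Format layout, the product keys and the sample log lines are assumptions constructed for illustration.

```python
import re

# Reflecting paths and vulnerable version ranges, as listed in this advisory.
REFLECTING_PATHS = {
    "/info/headers", "/cache-info/headers", "/admin-info/headers",
    "/distribution-broker-info/headers",  # Gradle Enterprise
    "/cache-node-info/headers",           # Build Cache Node
}
# Product keys are hypothetical labels chosen for this example.
AFFECTED = {
    "gradle-enterprise": ((2017, 3), (2020, 2, 4)),
    "build-cache-node": ((1, 0), (9, 2)),
}

# Assumption: the front-end proxy writes Common/Combined Log Format.
LOG_RE = re.compile(r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def is_affected(product, version):
    """True if `version` falls in the advisory's vulnerable range for `product`."""
    low, high = AFFECTED[product]
    parsed = tuple(int(part) for part in version.split("."))
    return low <= parsed <= high

def reflection_hits(lines):
    """Return (client, timestamp, path, status) for requests to reflecting paths."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        # Drop the query string and any trailing slash before comparing.
        path = m["target"].split("?", 1)[0].rstrip("/")
        if path in REFLECTING_PATHS:
            hits.append((m["client"], m["ts"], path, int(m["status"])))
    return hits

# Constructed sample log lines (not taken from a real system).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jul/2020:10:02:11 +0000] "GET /scans HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jul/2020:10:02:12 +0000] "GET /info/headers HTTP/1.1" 200 842',
    '203.0.113.9 - - [01/Jul/2020:10:05:40 +0000] "GET /admin-info/headers?x=1 HTTP/1.1" 200 910',
    '203.0.113.9 - - [01/Jul/2020:10:05:41 +0000] "GET /info/version HTTP/1.1" 200 40',
]

if __name__ == "__main__":
    for hit in reflection_hits(SAMPLE_LOG):
        print(hit)
```

Hits on these paths are worth correlating with the session activity of the same user, since a reflected response carries that user's cookies in its body.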

Timeline
--------
2020-06-26: Discovery by Marat Aytuganov
2020-06-26: Initial vendor notification
2020-06-26: Initial vendor response
2020-09-15: Assigned CVE-2020-15768
2020-07-13: Release of fixed Version / Patch

References
----------
[1] https://gradle.com/gradle-enterprise-solution-overview/