#############################################################

#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#############################################################
#
# Product: Gradle Enterprise [1]
# Vendor: Gradle
# CSNC ID: CSNC-2020-015
# CVE ID: CVE-2020-15768
# Subject: Potential disclosure of session cookies via header reflection
# Risk: Low
# Effect: Remotely exploitable
# Author: Marat Aytuganov <marat.aytuganov@compass-security.com>
# Date: 12.10.2020
#
#############################################################

Introduction
------------
Gradle Enterprise is the tool of choice for the world’s most valuable global
business and technology brands that compete on the delivery speed and quality
of their code. Gradle Enterprise leverages acceleration technologies to speed
up the software build and test process and data analytics to make
troubleshooting more efficient. It is a key enabling technology for the
emerging discipline of Developer Productivity Engineering. [1]

Affected
--------

Vulnerable:
* Gradle Enterprise 2017.3 - 2020.2.4
* Gradle Enterprise Build Cache Node 1.0 - 9.2

Not vulnerable:
* 2020.2.5

Technical Description
---------------------
Gradle Enterprise exposes endpoints that reflect the HTTP request headers
in the body of the HTTP response. Because the Cookie header is echoed as
well, these endpoints can be used in a Cross-Site Scripting attack (see
CVE-2020-15769) to extract authentication cookies that are protected with
the HttpOnly flag and steal the sessions of users and administrators.

Gradle Enterprise affected application request paths:

/info/headers
/cache-info/headers
/admin-info/headers
/distribution-broker-info/headers

Gradle Enterprise Build Cache Node affected application request paths:

/cache-node-info/headers
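The following Python snippet is an added illustration and is not Gradle Enterprise code: it models a "headers" diagnostic handler that echoes every request header (the flaw described above), a hardened variant that redacts credential-bearing headers, a unit check that verifies with a constructed marker cookie whether a handler leaks it, and a scan over constructed access-log lines for requests to the affected paths listed in this advisory. The handler shapes, the redaction list and the log format are assumptions for illustration, not the vendor's fix.

```python
import re
from typing import Callable, Dict, Iterable, List, Mapping

# Headers that carry credentials or session identifiers and must never be
# echoed back to a client. Assumed list for illustration; extend as needed.
SENSITIVE_HEADERS = frozenset({
    "cookie", "authorization", "proxy-authorization", "x-api-key",
})

# Request paths named as affected in the advisory (Gradle Enterprise and
# Build Cache Node).
AFFECTED_PATHS = (
    "/info/headers",
    "/cache-info/headers",
    "/admin-info/headers",
    "/distribution-broker-info/headers",
    "/cache-node-info/headers",
)

Handler = Callable[[Mapping[str, str]], str]


def reflect_headers_vulnerable(request_headers: Mapping[str, str]) -> str:
    """Models the flaw: every request header, Cookie included, lands in the
    response body, where same-origin script can read it despite HttpOnly."""
    return "\n".join(f"{name}: {value}" for name, value in request_headers.items())


def reflect_headers_hardened(request_headers: Mapping[str, str],
                             sensitive: Iterable[str] = SENSITIVE_HEADERS) -> str:
    """Assumed hardening: keep the diagnostic value of the endpoint but
    redact the value of any credential-bearing header (case-insensitive)."""
    blocked = {h.lower() for h in sensitive}
    return "\n".join(
        f"{name}: [redacted]" if name.lower() in blocked else f"{name}: {value}"
        for name, value in request_headers.items()
    )


def endpoint_leaks_cookie(handler: Handler) -> bool:
    """Regression check for a handler: send a constructed marker cookie and
    report whether the marker is reflected into the response body."""
    marker = "CANARY-9f3e2c"  # constructed value, known only to this check
    request = {
        "Host": "gradle.example.test",
        "User-Agent": "Mozilla/5.0 (X11)",
        "Cookie": f"JSESSIONID={marker}",
    }
    return marker in handler(request)


# Common Log Format, as a reverse proxy in front of the application might
# write it (assumed format).
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def find_affected_requests(log_lines: Iterable[str]) -> List[Dict[str, str]]:
    """Detection aid: return requests whose path (query string stripped)
    is one of the header-reflecting endpoints, so accesses to them can be
    reviewed while unpatched instances are still in service."""
    hits: List[Dict[str, str]] = []
    for line in log_lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        path = m.group("path").split("?", 1)[0]
        if path in AFFECTED_PATHS:
            hits.append({"ip": m.group("ip"), "path": path,
                         "status": m.group("status"), "ts": m.group("ts")})
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [13/Jul/2020:10:01:02 +0000] "GET /scans HTTP/1.1" 200 512',
    '10.0.0.9 - - [13/Jul/2020:10:01:07 +0000] "GET /info/headers HTTP/1.1" 200 348',
    '10.0.0.9 - - [13/Jul/2020:10:01:09 +0000] "GET /cache-node-info/headers?x=1 HTTP/1.1" 200 301',
    '10.0.0.5 - - [13/Jul/2020:10:02:00 +0000] "POST /api/build-scans HTTP/1.1" 201 40',
]

if __name__ == "__main__":
    print("vulnerable handler leaks cookie:", endpoint_leaks_cookie(reflect_headers_vulnerable))
    print("hardened handler leaks cookie: ", endpoint_leaks_cookie(reflect_headers_hardened))
    for hit in find_affected_requests(SAMPLE_LOG):
        print("review:", hit)
```

Redacting values rather than dropping the header keeps the endpoint useful for debugging while removing the session secret from anything a script in the origin could read; the log scan is a triage aid for the period before the upgrade to 2020.2.5 is complete.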

Workaround / Fix
----------------
Upgrade to Gradle Enterprise 2020.2.5 or later.

Timeline
--------
2020-06-26: Discovery by Marat Aytuganov
2020-06-26: Initial vendor notification
2020-06-26: Initial vendor response
2020-09-15: Assigned CVE-2020-15768
2020-07-13: Release of fixed Version / Patch

References
----------
[1] https://gradle.com/gradle-enterprise-solution-overview/
