An issue was discovered in Gradle Enterprise before 2020.2.4. Because of unrestricted cross-origin requests to read-only data in the Export API, an attacker can access data as a user (for the duration of the browser session) after previously explicitly authenticating with the API.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15773
Reference(s):
- https://security.gradle.com/advisory/CVE-2020-15773
- MISC:https://github.com/gradle/gradle/security/advisories