From c68c1446635b69e81cbfb6bb6e445af2bdd1990d Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Fri, 18 Sep 2020 14:01:32 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2019/11xxx/CVE-2019-11402.json | 5 +++
 2019/11xxx/CVE-2019-11403.json | 5 +++
 2020/15xxx/CVE-2020-15767.json | 61 ++++++++++++++++++++++++++++++----
 2020/15xxx/CVE-2020-15768.json | 61 ++++++++++++++++++++++++++++++----
 2020/15xxx/CVE-2020-15769.json | 61 ++++++++++++++++++++++++++++++----
 2020/15xxx/CVE-2020-15770.json | 61 ++++++++++++++++++++++++++++++----
 2020/15xxx/CVE-2020-15771.json | 61 ++++++++++++++++++++++++++++++----
 2020/15xxx/CVE-2020-15772.json | 61 ++++++++++++++++++++++++++++++----
 2020/15xxx/CVE-2020-15774.json | 61 ++++++++++++++++++++++++++++++----
 2020/15xxx/CVE-2020-15775.json | 61 ++++++++++++++++++++++++++++++----
 2020/15xxx/CVE-2020-15776.json | 61 ++++++++++++++++++++++++++++++----
 2020/15xxx/CVE-2020-15777.json | 5 +++
 12 files changed, 510 insertions(+), 54 deletions(-)
diff --git a/2019/11xxx/CVE-2019-11402.json b/2019/11xxx/CVE-2019-11402.json
index 5fed9658b67..114c68d02a5 100644
--- a/2019/11xxx/CVE-2019-11402.json
+++ b/2019/11xxx/CVE-2019-11402.json
@@ -56,6 +56,11 @@
 "url": "https://gradle.com/enterprise/releases/2018.5/#changes-3",
 "refsource": "MISC",
 "name": "https://gradle.com/enterprise/releases/2018.5/#changes-3"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.gradle.com/advisory/CVE-2019-11402",
+ "url": "https://security.gradle.com/advisory/CVE-2019-11402"
 }
 ]
 }
diff --git a/2019/11xxx/CVE-2019-11403.json b/2019/11xxx/CVE-2019-11403.json
index e7e8fba3af1..3619272d1b7 100644
--- a/2019/11xxx/CVE-2019-11403.json
+++ b/2019/11xxx/CVE-2019-11403.json
@@ -56,6 +56,11 @@
 "url": "https://gradle.com/enterprise/releases/2018.5/#changes-2",
 "refsource": "MISC",
 "name": "https://gradle.com/enterprise/releases/2018.5/#changes-2"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.gradle.com/advisory/CVE-2019-11403",
+ "url": "https://security.gradle.com/advisory/CVE-2019-11403"
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15767.json b/2020/15xxx/CVE-2020-15767.json
index 4a8272676a4..9f6f37e9fdc 100644
--- a/2020/15xxx/CVE-2020-15767.json
+++ b/2020/15xxx/CVE-2020-15767.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-15767",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-15767",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in Gradle Enterprise before 2020.2.5. Lack of the secure attribute on the anti-CSRF cookie allows an attacker (with the ability to read HTTP traffic) to obtain a user's anti-CSRF token if the user initiates a cleartext HTTP request."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/gradle/gradle/security/advisories",
+ "refsource": "MISC",
+ "name": "https://github.com/gradle/gradle/security/advisories"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.gradle.com/advisory/CVE-2020-15767",
+ "url": "https://security.gradle.com/advisory/CVE-2020-15767"
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15768.json b/2020/15xxx/CVE-2020-15768.json
index d4482cf736a..5b489569455 100644
--- a/2020/15xxx/CVE-2020-15768.json
+++ b/2020/15xxx/CVE-2020-15768.json
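Review bot: In 2020/15xxx/CVE-2020-15767.json the new `affects` block sets `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"`, although the description added in the same hunk names Gradle Enterprise and the range "before 2020.2.5"; tooling that matches on the structured vendor/product/version fields has nothing to match, and only someone reading the prose learns what is affected. I would carry the description's own data into those fields, e.g. `"product_name": "Gradle Enterprise"` and `"version_value": "before 2020.2.5"`, and replace the `"value": "n/a"` under `problemtype` with a short weakness name (here, a sensitive cookie set without the Secure attribute). The same placeholders appear in the hunks for CVE-2020-15768 through CVE-2020-15772 and CVE-2020-15774 through CVE-2020-15776, each of which likewise states its product and version range only in the description. Separately, the MISC reference `https://github.com/gradle/gradle/security/advisories` is an advisory index rather than a specific advisory and appears to belong to the build tool's repository rather than Gradle Enterprise, so it is worth confirming that it adds anything beyond the CONFIRM link.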
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-15768",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-15768",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in Gradle Enterprise 2017.3 - 2020.2.4 and Gradle Enterprise Build Cache Node 1.0 - 9.2. Unrestricted HTTP header reflection allows remote attackers to obtain authentication cookies (if an XSS issue exists) via the /info/headers, /cache-info/headers, /admin-info/headers, /distribution-broker-info/headers, or /cache-node-info/headers path."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/gradle/gradle/security/advisories",
+ "refsource": "MISC",
+ "name": "https://github.com/gradle/gradle/security/advisories"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.gradle.com/advisory/CVE-2020-15768",
+ "url": "https://security.gradle.com/advisory/CVE-2020-15768"
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15769.json b/2020/15xxx/CVE-2020-15769.json
index 3b949e7808c..fce87d67b8c 100644
--- a/2020/15xxx/CVE-2020-15769.json
+++ b/2020/15xxx/CVE-2020-15769.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-15769",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-15769",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in Gradle Enterprise 2020.2 - 2020.2.4. An XSS issue exists via the request URL."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/gradle/gradle/security/advisories",
+ "refsource": "MISC",
+ "name": "https://github.com/gradle/gradle/security/advisories"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.gradle.com/advisory/CVE-2020-15769",
+ "url": "https://security.gradle.com/advisory/CVE-2020-15769"
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15770.json b/2020/15xxx/CVE-2020-15770.json
index 428c06bf06f..82c7cb867f4 100644
--- a/2020/15xxx/CVE-2020-15770.json
+++ b/2020/15xxx/CVE-2020-15770.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-15770",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-15770",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in Gradle Enterprise 2018.5. There is a lack of lock-out after excessive failed login attempts. This allows a remote attacker to conduct brute-force guessing of a local user's password."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/gradle/gradle/security/advisories",
+ "refsource": "MISC",
+ "name": "https://github.com/gradle/gradle/security/advisories"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.gradle.com/advisory/CVE-2020-15770",
+ "url": "https://security.gradle.com/advisory/CVE-2020-15770"
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15771.json b/2020/15xxx/CVE-2020-15771.json
index c9f06ffee8c..57c35998e54 100644
--- a/2020/15xxx/CVE-2020-15771.json
+++ b/2020/15xxx/CVE-2020-15771.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-15771",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-15771",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in Gradle Enterprise 2018.2 and Gradle Enterprise Build Cache Node 4.1. CSRF mitigation can be bypassed because cross-site transmission of a cookie (containing a CSRF token) can occur."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/gradle/gradle/security/advisories",
+ "refsource": "MISC",
+ "name": "https://github.com/gradle/gradle/security/advisories"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.gradle.com/advisory/CVE-2020-15771",
+ "url": "https://security.gradle.com/advisory/CVE-2020-15771"
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15772.json b/2020/15xxx/CVE-2020-15772.json
index 57c016e17a3..74a83b15825 100644
--- a/2020/15xxx/CVE-2020-15772.json
+++ b/2020/15xxx/CVE-2020-15772.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-15772",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-15772",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. There is XXE with resultant SSRF via an uploaded SAML IDP configuration."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/gradle/gradle/security/advisories",
+ "refsource": "MISC",
+ "name": "https://github.com/gradle/gradle/security/advisories"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.gradle.com/advisory/CVE-2020-15772",
+ "url": "https://security.gradle.com/advisory/CVE-2020-15772"
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15774.json b/2020/15xxx/CVE-2020-15774.json
index 627cfac0bc3..02183e0cdf1 100644
--- a/2020/15xxx/CVE-2020-15774.json
+++ b/2020/15xxx/CVE-2020-15774.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-15774",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-15774",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. Because of implicitly remembered user-login information, physically proximate attackers can use a user session after browser closure."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/gradle/gradle/security/advisories",
+ "refsource": "MISC",
+ "name": "https://github.com/gradle/gradle/security/advisories"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.gradle.com/advisory/CVE-2020-15774",
+ "url": "https://security.gradle.com/advisory/CVE-2020-15774"
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15775.json b/2020/15xxx/CVE-2020-15775.json
index 8f6a342a246..7bd0a8188a5 100644
--- a/2020/15xxx/CVE-2020-15775.json
+++ b/2020/15xxx/CVE-2020-15775.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-15775",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-15775",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in Gradle Enterprise 2017.1 - 2020.2.4. Unrestricted access to a high-level system-usage summary allows an attacker to obtain project names and usage metrics."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/gradle/gradle/security/advisories",
+ "refsource": "MISC",
+ "name": "https://github.com/gradle/gradle/security/advisories"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.gradle.com/advisory/CVE-2020-15775",
+ "url": "https://security.gradle.com/advisory/CVE-2020-15775"
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15776.json b/2020/15xxx/CVE-2020-15776.json
index 9f558c0d1ac..d0a6988d552 100644
--- a/2020/15xxx/CVE-2020-15776.json
+++ b/2020/15xxx/CVE-2020-15776.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-15776",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-15776",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in Gradle Enterprise 2018.2 - 2020.2.4. CSRF mitigation can be bypassed because the anti-CSRF token is in a cleartext cookie."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/gradle/gradle/security/advisories",
+ "refsource": "MISC",
+ "name": "https://github.com/gradle/gradle/security/advisories"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.gradle.com/advisory/CVE-2020-15776",
+ "url": "https://security.gradle.com/advisory/CVE-2020-15776"
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15777.json b/2020/15xxx/CVE-2020-15777.json
index 8e3ddc5daed..260e8e11aee 100644
--- a/2020/15xxx/CVE-2020-15777.json
+++ b/2020/15xxx/CVE-2020-15777.json
@@ -56,6 +56,11 @@
 "refsource": "CONFIRM",
 "name": "https://docs.gradle.com/enterprise/maven-extension/#release_history",
 "url": "https://docs.gradle.com/enterprise/maven-extension/#release_history"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.gradle.com/advisory/CVE-2020-15777",
+ "url": "https://security.gradle.com/advisory/CVE-2020-15777"
 }
 ]
 }