CVE-2020-15772

{"id": "CVE-2020-15772", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.2}]}, "published": "2020-09-18T14:15:12.387", "references": [{"url": "https://github.com/gradle/gradle/security/advisories", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://security.gradle.com/advisory/CVE-2020-15772", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/gradle/gradle/security/advisories", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.gradle.com/advisory/CVE-2020-15772", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-611"}, {"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. When configuring Gradle Enterprise to integrate with a SAML identity provider, an XML metadata file can be uploaded by an administrator. The server side processing of this file dereferences XML External Entities (XXE), allowing a remote attacker with administrative access to perform server side request forgery."}, {"lang": "es", "value": "Se detect\u00f3 un problema en Gradle Enterprise versiones 2018.5 - 2020.2.4. Al configurar Gradle Enterprise para integrarse con un proveedor de identidad SAML, un archivo de metadatos XML puede ser cargado por un administrador. El procesamiento de este archivo en el lado del servidor elimina las entidades externas XML (XXE), lo que permite a un atacante remoto con acceso administrativo realizar la falsificaci\u00f3n de solicitudes en el lado del servidor"}], "lastModified": "2024-11-21T05:06:08.540", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gradle:enterprise:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09283EF9-03F6-4D99-A939-C475E7D71B95", "versionEndIncluding": "2020.2.4", "versionStartIncluding": "2018.5"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}