CVE-2020-15767

{"id": "CVE-2020-15767", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.6}]}, "published": "2020-09-18T14:15:12.073", "references": [{"url": "https://github.com/gradle/gradle/security/advisories", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://security.gradle.com/advisory/CVE-2020-15767", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-311"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Gradle Enterprise before 2020.2.5. The cookie used to convey the CSRF prevention token is not annotated with the \u201csecure\u201d attribute, which allows an attacker with the ability to MITM plain HTTP requests to obtain it, if the user mistakenly uses a HTTP instead of HTTPS address to access the server. This cookie value could then be used to perform CSRF."}, {"lang": "es", "value": "Se detect\u00f3 un problema en Gradle Enterprise versiones anteriores a 2020.2.5. La cookie utilizada para transmitir el token de prevenci\u00f3n del CSRF no est\u00e1 anotada con el atributo \"seguro\", lo que permite a un atacante con capacidad de MITM peticiones HTTP simples obtenerlo, si el usuario utiliza por error una direcci\u00f3n HTTP en lugar de HTTPS para acceder al servidor. Este valor de la cookie podr\u00eda entonces ser utilizado para realizar CSRF"}], "lastModified": "2021-12-21T00:47:43.990", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gradle:enterprise:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD367EF2-3F92-43C8-A18F-BE0F679521AF", "versionEndExcluding": "2020.2.5"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}