Vulnerability Description
In Gradle Enterprise before 2018.5.2, Build Cache Nodes would reflect the configured password back when viewing the HTML page source of the settings page.
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gradle | Build Cache Node | < 5.2 |
| Gradle | Enterprise | < 2018.5.2 |
Related Weaknesses (CWE)
References
- https://gradle.com/enterprise/releases/2018.5/#changes-2Release NotesVendor Advisory
- https://security.gradle.com/advisory/CVE-2019-11403Vendor Advisory
- https://gradle.com/enterprise/releases/2018.5/#changes-2Release NotesVendor Advisory
- https://security.gradle.com/advisory/CVE-2019-11403Vendor Advisory
FAQ
What is CVE-2019-11403?
CVE-2019-11403 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In Gradle Enterprise before 2018.5.2, Build Cache Nodes would reflect the configured password back when viewing the HTML page source of the settings page.
How severe is CVE-2019-11403?
CVE-2019-11403 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-11403?
Check the references section above for vendor advisories and patch information. Affected products include: Gradle Build Cache Node, Gradle Enterprise.