Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistSnykCVELIST:CVE-2020-7599
HistoryMar 30, 2020 - 6:20 p.m.

CVE-2020-7599

2020-03-3018:20:45
snyk
www.cve.org
2

EPSS

0.001

Percentile

32.1%

JSON

All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File. When a plugin author publishes a Gradle plugin while running Gradle with the --info log level flag, the Gradle Logger logs an AWS pre-signed URL. If this build log is publicly visible (as it is in many popular public CI systems like TravisCI) this AWS pre-signed URL would allow a malicious actor to replace a recently uploaded plugin with their own.

CNA Affected

[
  {
    "product": "com.gradle.plugin-publish",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "all versions before 0.11.0"
      }
    ]
  }
]

Related

nvd 1
osv 1
cve 1
prion 1
github 1
nvd
nvd
CVE-2020-7599
2020-03-30 19:15:17
osv
osv
Exposure of Sensitive Information in Gradle publish plugin
2022-05-24 17:12:57
cve
cve
CVE-2020-7599
2020-03-30 19:15:17
prion
prion
Code injection
2020-03-30 19:15:00
github
github
Exposure of Sensitive Information in Gradle publish plugin
2022-05-24 17:12:57

EPSS

0.001

Percentile

32.1%

JSON
Related for CVELIST:CVE-2020-7599
nvd1osv1cve1prion1github1