Gradle Enterprise before 2021.1.3 can allow unauthorized viewing of a response (information disclosure of possibly sensitive build/configuration details) via a crafted HTTP request with the X-Gradle-Enterprise-Ajax-Request header.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-09-24T02:57:12

Updated: 2024-08-04T03:15:28.971Z

Reserved: 2021-09-24T00:00:00

Link: CVE-2021-41584

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-09-24T03:15:06.673

Modified: 2024-11-21T06:26:28.313

Link: CVE-2021-41584

cve-icon Redhat

No data.