CVE-2020-15772
EUVD-2020-775718.09.2020, 14:15
An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. When configuring Gradle Enterprise to integrate with a SAML identity provider, an XML metadata file can be uploaded by an administrator. The server side processing of this file dereferences XML External Entities (XXE), allowing a remote attacker with administrative access to perform server side request forgery.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| gradle | enterprise | 2018.5 ≤ 𝑥 ≤ 2020.2.4 |
𝑥
= Vulnerable software versions