N/A

Gradle Enterprise before 2021.4.3 relies on cleartext data transmission in some situations. It uses Keycloak for identity management services. During the sign-in process, Keycloak sets browser cookies that effectively provide remember-me functionality. For backwards compatibility with older Safari versions, Keycloak sets a duplicate of the cookie without the Secure attribute, which allows the cookie to be sent when accessing the location that cookie is set for via HTTP. This creates the potential for an attacker (with the ability to impersonate the Gradle Enterprise host) to capture the login session of a user by having them click an http:// link to the server, despite the real server requiring HTTPS.

N/A

N/A

Gradle 信息泄露漏洞

Gradle是美国Gradle公司的一套基于JVM的项目构建工具，它支持maven、Ivy仓库等。 Gradle Enterprise存在安全漏洞，该漏洞源于在登录过程中，Keycloak 会设置有效地提供记住我功能的浏览器 cookie。为了向后兼容旧的 Safari 版本，Keycloak 设置了不带 Secure 属性的 cookie 的副本，这允许在通过 HTTP 访问设置 cookie 的位置时发送 cookie。这为攻击者（具有冒充 Gradle Enterprise 主机的能力）创造了可能，

N/A

N/A