๐ CVE-2020-15767
๐ก Newskategorie: Sicherheitslรผcken
๐ Quelle: web.nvd.nist.gov
An issue was discovered in Gradle Enterprise before 2020.2.5. Lack of the secure attribute on the anti-CSRF cookie allows an attacker (with the ability to read HTTP traffic) to obtain a user's anti-CSRF token if the user initiates a cleartext HTTP request. ...