OpenCVE

All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File. When a plugin author publishes a Gradle plugin while running Gradle with the --info log level flag, the Gradle Logger logs an AWS pre-signed URL. If this build log is publicly visible (as it is in many popular public CI systems like TravisCI) this AWS pre-signed URL would allow a malicious actor to replace a recently uploaded plugin with their own.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:A/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Gradle	Plugin Publishing

Configuration 1 [-]

cpe:2.3:a:gradle:plugin_publishing:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://blog.gradle.org/plugin-portal-update
https://snyk.io/vuln/SNYK-JAVA-COMGRADLEPLUGINPUBLISH-559866

History

No history.

MITRE

Status: PUBLISHED

Assigner: snyk

Published: 2020-03-30T18:20:45

Updated: 2024-08-04T09:33:19.912Z

Reserved: 2020-01-21T00:00:00

Link: CVE-2020-7599

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-03-30T19:15:17.467

Modified: 2020-04-02T14:48:45.827

Link: CVE-2020-7599

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "com.gradle.plugin-publish", "vendor": "n/a", "versions": [{"status": "affected", "version": "all versions before 0.11.0"}]}], "descriptions": [{"lang": "en", "value": "All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File. When a plugin author publishes a Gradle plugin while running Gradle with the --info log level flag, the Gradle Logger logs an AWS pre-signed URL. If this build log is publicly visible (as it is in many popular public CI systems like TravisCI) this AWS pre-signed URL would allow a malicious actor to replace a recently uploaded plugin with their own."}], "problemTypes": [{"descriptions": [{"description": "Insertion of Sensitive Information into Log File", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-03-30T18:20:45", "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://snyk.io/vuln/SNYK-JAVA-COMGRADLEPLUGINPUBLISH-559866"}, {"tags": ["x_refsource_MISC"], "url": "https://blog.gradle.org/plugin-portal-update"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "report@snyk.io", "ID": "CVE-2020-7599", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "com.gradle.plugin-publish", "version": {"version_data": [{"version_value": "all versions before 0.11.0"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File. When a plugin author publishes a Gradle plugin while running Gradle with the --info log level flag, the Gradle Logger logs an AWS pre-signed URL. If this build log is publicly visible (as it is in many popular public CI systems like TravisCI) this AWS pre-signed URL would allow a malicious actor to replace a recently uploaded plugin with their own."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Insertion of Sensitive Information into Log File"}]}]}, "references": {"reference_data": [{"name": "https://snyk.io/vuln/SNYK-JAVA-COMGRADLEPLUGINPUBLISH-559866", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-JAVA-COMGRADLEPLUGINPUBLISH-559866"}, {"name": "https://blog.gradle.org/plugin-portal-update", "refsource": "MISC", "url": "https://blog.gradle.org/plugin-portal-update"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T09:33:19.912Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://snyk.io/vuln/SNYK-JAVA-COMGRADLEPLUGINPUBLISH-559866"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://blog.gradle.org/plugin-portal-update"}]}]}, "cveMetadata": {"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "assignerShortName": "snyk", "cveId": "CVE-2020-7599", "datePublished": "2020-03-30T18:20:45", "dateReserved": "2020-01-21T00:00:00", "dateUpdated": "2024-08-04T09:33:19.912Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gradle:plugin_publishing:*:*:*:*:*:*:*:*", "matchCriteriaId": "7375D0C7-B1FD-4EAD-A388-F9CA9A14F222", "versionEndExcluding": "0.11.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File. When a plugin author publishes a Gradle plugin while running Gradle with the --info log level flag, the Gradle Logger logs an AWS pre-signed URL. If this build log is publicly visible (as it is in many popular public CI systems like TravisCI) this AWS pre-signed URL would allow a malicious actor to replace a recently uploaded plugin with their own."}, {"lang": "es", "value": "Todas las versiones de com.gradle.plugin-publishing anteriores a 0.11.0, son vulnerables a la Inserci\u00f3n de Informaci\u00f3n Confidencial en el Archivo de Registro (Log File). Cuando un autor del plugin publica un plugin de Gradle mientras ejecuta Gradle con el flag de nivel de registro --info, Gradle Logger registra una URL pre-firmada de AWS. Si este registro de compilaci\u00f3n es visible p\u00fablicamente (como lo es en muchos sistemas de CI p\u00fablicos populares como TravisCI), esta URL pre-firmada por AWS permitir\u00eda que un actor malicioso reemplace un plugin subido recientemente por el suyo."}], "id": "CVE-2020-7599", "lastModified": "2020-04-02T14:48:45.827", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-03-30T19:15:17.467", "references": [{"source": "report@snyk.io", "tags": ["Vendor Advisory"], "url": "https://blog.gradle.org/plugin-portal-update"}, {"source": "report@snyk.io", "tags": ["Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-JAVA-COMGRADLEPLUGINPUBLISH-559866"}], "sourceIdentifier": "report@snyk.io", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "nvd@nist.gov", "type": "Primary"}]}