CVE-2020-7599 - OpenCVE

All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File. When a plugin author publishes a Gradle plugin while running Gradle with the --info log level flag, the Gradle Logger logs an AWS pre-signed URL. If this build log is publicly visible (as it is in many popular public CI systems like TravisCI) this AWS pre-signed URL would allow a malicious actor to replace a recently uploaded plugin with their own.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:A/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Gradle	Plugin Publishing

Configuration 1 [-]

cpe:2.3:a:gradle:plugin_publishing:*:*:*:*:*:*:*:*

References

Link	Resource
https://blog.gradle.org/plugin-portal-update	Vendor Advisory
https://snyk.io/vuln/SNYK-JAVA-COMGRADLEPLUGINPUBLISH-559866	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: snyk

Published: 2020-03-30T18:20:45

Updated: 2020-03-30T18:20:45

Reserved: 2020-01-21T00:00:00

Link: CVE-2020-7599

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-03-30T19:15:17.467

Modified: 2020-04-02T14:48:45.827

Link: CVE-2020-7599

JSON object: View

Redhat Information

No data.

CWE

CWE-532

{"containers": {"cna": {"affected": [{"product": "com.gradle.plugin-publish", "vendor": "n/a", "versions": [{"status": "affected", "version": "all versions before 0.11.0"}]}], "descriptions": [{"lang": "en", "value": "All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File. When a plugin author publishes a Gradle plugin while running Gradle with the --info log level flag, the Gradle Logger logs an AWS pre-signed URL. If this build log is publicly visible (as it is in many popular public CI systems like TravisCI) this AWS pre-signed URL would allow a malicious actor to replace a recently uploaded plugin with their own."}], "problemTypes": [{"descriptions": [{"description": "Insertion of Sensitive Information into Log File", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-03-30T18:20:45", "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://snyk.io/vuln/SNYK-JAVA-COMGRADLEPLUGINPUBLISH-559866"}, {"tags": ["x_refsource_MISC"], "url": "https://blog.gradle.org/plugin-portal-update"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "report@snyk.io", "ID": "CVE-2020-7599", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "com.gradle.plugin-publish", "version": {"version_data": [{"version_value": "all versions before 0.11.0"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File. When a plugin author publishes a Gradle plugin while running Gradle with the --info log level flag, the Gradle Logger logs an AWS pre-signed URL. If this build log is publicly visible (as it is in many popular public CI systems like TravisCI) this AWS pre-signed URL would allow a malicious actor to replace a recently uploaded plugin with their own."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Insertion of Sensitive Information into Log File"}]}]}, "references": {"reference_data": [{"name": "https://snyk.io/vuln/SNYK-JAVA-COMGRADLEPLUGINPUBLISH-559866", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-JAVA-COMGRADLEPLUGINPUBLISH-559866"}, {"name": "https://blog.gradle.org/plugin-portal-update", "refsource": "MISC", "url": "https://blog.gradle.org/plugin-portal-update"}]}}}}, "cveMetadata": {"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "assignerShortName": "snyk", "cveId": "CVE-2020-7599", "datePublished": "2020-03-30T18:20:45", "dateReserved": "2020-01-21T00:00:00", "dateUpdated": "2020-03-30T18:20:45", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gradle:plugin_publishing:*:*:*:*:*:*:*:*", "matchCriteriaId": "7375D0C7-B1FD-4EAD-A388-F9CA9A14F222", "versionEndExcluding": "0.11.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File. When a plugin author publishes a Gradle plugin while running Gradle with the --info log level flag, the Gradle Logger logs an AWS pre-signed URL. If this build log is publicly visible (as it is in many popular public CI systems like TravisCI) this AWS pre-signed URL would allow a malicious actor to replace a recently uploaded plugin with their own."}, {"lang": "es", "value": "Todas las versiones de com.gradle.plugin-publishing anteriores a 0.11.0, son vulnerables a la Inserci\u00f3n de Informaci\u00f3n Confidencial en el Archivo de Registro (Log File). Cuando un autor del plugin publica un plugin de Gradle mientras ejecuta Gradle con el flag de nivel de registro --info, Gradle Logger registra una URL pre-firmada de AWS. Si este registro de compilaci\u00f3n es visible p\u00fablicamente (como lo es en muchos sistemas de CI p\u00fablicos populares como TravisCI), esta URL pre-firmada por AWS permitir\u00eda que un actor malicioso reemplace un plugin subido recientemente por el suyo."}], "id": "CVE-2020-7599", "lastModified": "2020-04-02T14:48:45.827", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-03-30T19:15:17.467", "references": [{"source": "report@snyk.io", "tags": ["Vendor Advisory"], "url": "https://blog.gradle.org/plugin-portal-update"}, {"source": "report@snyk.io", "tags": ["Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-JAVA-COMGRADLEPLUGINPUBLISH-559866"}], "sourceIdentifier": "report@snyk.io", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "nvd@nist.gov", "type": "Primary"}]}