vulnerability

SUSE: CVE-2019-15052: SUSE Linux Security Advisory

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:P/I:N/A:N)	Aug 14, 2019	Aug 9, 2024	Aug 9, 2024

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published

Aug 14, 2019

Added

Aug 9, 2024

Modified

Aug 9, 2024

Description

The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for the configured host. If that host returns a 30x redirect, Gradle also sends those credentials to all subsequent hosts that the request redirects to. This is similar to CVE-2018-1000007.

Solutions

suse-upgrade-gpars-bootstrapsuse-upgrade-gradlesuse-upgrade-gradle-bootstrapsuse-upgrade-groovy-bootstrap

References

CVE-2019-15052
https://attackerkb.com/topics/CVE-2019-15052

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report