CVE-2020-15777

CVSS V2 Medium 4.6 CVSS V3 High 7.8
Description
An issue was discovered in the Maven Extension plugin before 1.6 for Gradle Enterprise. The extension uses a socket connection to send serialized Java objects. Deserialization is not restricted to an allow-list, thus allowing an attacker to achieve code execution via a malicious deserialization gadget chain. The socket is not bound exclusively to localhost. The port this socket is assigned to is randomly selected and is not intentionally exposed to the public (either by design or documentation). This could potentially be used to achieve remote code execution and local privilege escalation.
Overview
  • CVE ID
  • CVE-2020-15777
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Undergoing Analysis
  • Published Version
  • 2020-08-25T22:15:11
  • Last Modified Date
  • 2020-11-09T22:15:12
Weakness Enumerations
CWE URL
CWE-502 http://cwe.mitre.org/data/definitions/502.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:gradle:maven:*:*:*:*:*:gradle:*:* 1 OR 1.6
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:L/AC:L/Au:N/C:P/I:P/A:P
  • Access Vector
  • LOCAL
  • Access Compatibility
  • LOW
  • Authentication
  • NONE
  • Confidentiality Impact
  • PARTIAL
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • PARTIAL
  • Base Score
  • 4.6
  • Severity
  • MEDIUM
  • Exploitability Score
  • 3.9
  • Impact Score
  • 6.4
CVSS Version 3
  • Version
  • 3.1
  • Vector String
  • CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Attack Vector
  • LOCAL
  • Attack Compatibility
  • LOW
  • Privileges Required
  • LOW
  • User Interaction
  • NONE
  • Scope
  • UNCHANGED
  • Confidentiality Impact
  • HIGH
  • Availability Impact
  • HIGH
  • Base Score
  • 7.8
  • Base Severity
  • HIGH
  • Exploitability Score
  • 1.8
  • Impact Score
  • 5.9
References
Reference URL Reference Tags
https://security.gradle.com/advisory/CVE-2020-15777
https://docs.gradle.com/enterprise/maven-extension/#1_6
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2020-15777
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15777
History
Created Old Value New Value Data Type Notes
2022-05-10 16:20:43 Added to TrackCVE
2022-12-04 21:31:05 2020-08-25T22:15Z 2020-08-25T22:15:11 CVE Published Date updated
2022-12-04 21:31:05 2020-11-09T22:15:12 CVE Modified Date updated
2022-12-04 21:31:05 Undergoing Analysis Vulnerability Status updated