CVE-2020-15767
CVE-2020-15767 affects Gradle Enterprise prior to 2020.2.5. The vulnerability arises because the cookie used to convey the CSRF prevention token is not annotated with the Secure attribute, enabling an attacker who can perform MITM on plain HTTP requests to obtain the token when a user accesses th...