CVE-2019-15052 — Vulnetix

Try Vulnetix Request Demo

CVE-2019-15052 PUBLISHED

The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for the configured host. If that host returns a 30x redirect, Gradle also sends those credentials to all subsequent hosts that the request redirects to. This is similar to CVE-2018-1000007.

EPSS 0.31% · 54.3th percentile

Risk Scores

EPSS Score

0.31%

54.3th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:16.04:LTS	gradle	2.10-1, 2.7-3, 2.7-2
Ubuntu:Pro:18.04:LTS	gradle	3.4.1-7ubuntu1, 4.4.1-5ubuntu2~18.04, 4.4.1-5ubuntu2~18.04+esm1
Ubuntu:24.04:LTS	gradle	0, 4.4.1-18, 4.4.1-20
Ubuntu:22.04:LTS	gradle	4.4.1-13, 0
Ubuntu:25.10	gradle	0, 4.4.1-22
Ubuntu:20.04:LTS	gradle	0, 4.4.1-10, 4.4.1-9

Timeline

Aug 14, 2019 CVE Published
Apr 14, 2021 EPSS Score
Jun 22, 2021 EPSS Score
Aug 23, 2021 EPSS Score
Oct 24, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Feb 25, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Apr 28, 2022 EPSS Score
Jun 29, 2022 EPSS Score
Aug 31, 2022 EPSS Score

References

https://ubuntu.com/security/CVE-2019-15052 third-party-advisory
https://github.com/gradle/gradle/issues/10278 third-party-advisory
https://github.com/gradle/gradle/pull/10176 third-party-advisory
https://github.com/gradle/gradle/security/advisories/GHSA-4cwg-f7qc-6r95 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2019-15052 third-party-advisory

Open in Interactive Console →