Gradle Insecure HTTP URLs Man-in-the-Middle Attack Vulnerability

By GIXnews


A vulnerability in Gradle could allow an unauthenticated, remote attacker to conduct a man-in-the-middle attack on a targeted system.

The vulnerability exists because the affected software uses insecure HTTP URLs when the JavaScript or CoffeeScript Gradle plug-ins are in use. An attacker could exploit this vulnerability by executing a man-in-the-middle attack to compromise dependency artifacts on the targeted system. A successful exploit could allow the attacker to gain unauthorized access to the targeted system, which the attacker could use to conduct further attacks.

Gradle has confirmed the vulnerability and released software updates.

Security Impact Rating: Medium

CVE: CVE-2019-11065

Source: Cisco Multivendor Vulnerability Alerts