Gradle Enterprise before 2021.1.3 can allow unauthorized viewing of a response (information disclosure of possibly sensitive build/configuration details) via a crafted HTTP request with the X-Gradle-Enterprise-Ajax-Request header.
{ "severity": "High", "cpes": [ "cpe:2.3:a:gradle:gradle:*:*:*:*:enterprise:*:*:*" ] }