
Gradle Library Version Disclosure

By kannthu

Severity: Informative
Vidoc Module
Tags: #file #gradle
Description

What is the "Gradle Library Version Disclosure?"

The "Gradle Library Version Disclosure" module detects a misconfiguration in which a Gradle project's version catalog, the file gradle/libs.versions.toml, is served by the web application. Gradle is a build automation tool used primarily for Java projects, and its version catalog declares the project's dependencies together with the exact library versions it pins. This module identifies cases where that file is publicly reachable and therefore exposes library version information.

This module has an informative severity level, meaning it provides valuable information but does not directly indicate a security vulnerability.

Author: DhiyaneshDK

Impact

The impact of the "Gradle Library Version Disclosure" module is primarily informational. An exposed version catalog tells anyone who fetches it exactly which libraries, and which versions of them, the project depends on, which makes it easy to match the application against publicly known vulnerable versions. By detecting this misconfiguration, developers can stop serving the file and review the disclosed dependencies, securing their applications before the information is used against them.

How does the module work?

The "Gradle Library Version Disclosure" module works by sending an HTTP GET request for the version catalog path on the target application. It looks for the presence of the catalog's TOML section headers, "[versions]", "[libraries]", and "[bundles]", in the response body. Additionally, it verifies that the HTTP response status is 200 (OK), so that a custom 404 page or a redirect that happens to mention one of these words is not reported.

Here is an example of an HTTP request sent by the module:

GET /gradle/libs.versions.toml

The module checks whether the response body contains the keywords mentioned earlier and whether the response status is 200. If both conditions are met, the module reports a potential misconfiguration related to the disclosure of library versions.

Module preview

Concurrent Requests (1)
1. HTTP Request template: GET /gradle/libs.versions.toml
Matching conditions
word: [versions], [libraries], [bundles]
AND
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability