Vulnerabilities > Gradle

DATE CVE VULNERABILITY TITLE RISK
2024-01-09 CVE-2023-49238 Weak Password Requirements vulnerability in Gradle Enterprise
In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation (in certain installation scenarios) because of a non-unique initial system user password.
network
low complexity
gradle CWE-521
critical
9.8
2023-10-06 CVE-2023-42445 Unspecified vulnerability in Gradle
Gradle is a build tool with a focus on build automation and support for multi-language development.
network
high complexity
gradle
5.3
2023-10-05 CVE-2023-44387 Unspecified vulnerability in Gradle
Gradle is a build tool with a focus on build automation and support for multi-language development.
local
low complexity
gradle
6.5
2023-06-30 CVE-2023-35946 Unspecified vulnerability in Gradle
Gradle is a build tool with a focus on build automation and support for multi-language development.
local
low complexity
gradle
5.5
2023-06-30 CVE-2023-35947 Unspecified vulnerability in Gradle
Gradle is a build tool with a focus on build automation and support for multi-language development.
network
high complexity
gradle
8.1
2023-04-28 CVE-2023-30853 Cleartext Storage of Sensitive Information vulnerability in Gradle Build Action
Gradle Build Action allows users to execute a Gradle Build in their GitHub Actions workflow.
network
low complexity
gradle CWE-312
6.5
2023-03-02 CVE-2023-26053 Unspecified vulnerability in Gradle
Gradle is a build tool with a focus on build automation and support for multi-language development.
network
low complexity
gradle
critical
9.8
2022-10-21 CVE-2022-41575 Insufficiently Protected Credentials vulnerability in Gradle Enterprise 2022.3.1/2022.3.2
A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3 through 2022.3.3 allows remote attackers to access a subset of application data (e.g., cleartext credentials).
network
low complexity
gradle CWE-522
7.5
2022-10-07 CVE-2022-41574 Incorrect Authorization vulnerability in Gradle Enterprise
An access-control vulnerability in Gradle Enterprise 2022.4 through 2022.3.1 allows remote attackers to prevent backups from occurring, and send emails with arbitrary text content to the configured installation-administrator contact address, via HTTP access to an accidentally exposed internal endpoint.
network
low complexity
gradle CWE-863
7.5
2022-07-14 CVE-2022-31156 Improper Verification of Cryptographic Signature vulnerability in Gradle
Gradle is a build tool.
network
high complexity
gradle CWE-347
4.4