Vulnerabilities > Gradle

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2023-04-28 | CVE-2023-30853 | Cleartext Storage of Sensitive Information vulnerability in Gradle Build Action | Gradle Build Action allows users to execute a Gradle Build in their GitHub Actions workflow. | network, low complexity, gradle, CWE-312, 6.5 |
| 2023-03-02 | CVE-2023-26053 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Gradle | Gradle is a build tool with a focus on build automation and support for multi-language development. | network, low complexity, gradle, CWE-829, critical, 9.8 |
| 2022-10-21 | CVE-2022-41575 | Insufficiently Protected Credentials vulnerability in Gradle Enterprise 2022.3.1/2022.3.2 | A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3 through 2022.3.3 allows remote attackers to access a subset of application data (e.g., cleartext credentials). | network, low complexity, gradle, CWE-522, 7.5 |
| 2022-10-07 | CVE-2022-41574 | Incorrect Authorization vulnerability in Gradle Enterprise | An access-control vulnerability in Gradle Enterprise 2022.4 through 2022.3.1 allows remote attackers to prevent backups from occurring, and send emails with arbitrary text content to the configured installation-administrator contact address, via HTTP access to an accidentally exposed internal endpoint. | network, low complexity, gradle, CWE-863, 7.5 |
| 2022-06-06 | CVE-2022-30587 | Incorrect Authorization vulnerability in Gradle Enterprise | Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to information disclosure. | network, low complexity, gradle, CWE-863, 5.0 |
| 2022-06-06 | CVE-2022-30586 | Incorrect Authorization vulnerability in Gradle | Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to code execution. | network, low complexity, gradle, CWE-863, 6.5 |
| 2022-03-25 | CVE-2022-27919 | Exposure of Resource to Wrong Sphere vulnerability in Gradle Enterprise 2021.4.2/2021.4.3 | Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not specify an initial configuration file. | network, low complexity, gradle, CWE-668, 7.5 |
| 2022-03-17 | CVE-2022-25364 | Incorrect Authorization vulnerability in Gradle Enterprise | In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access. | network, gradle, CWE-863, critical, 9.3 |
| 2022-03-16 | CVE-2022-27225 | Missing Encryption of Sensitive Data vulnerability in Gradle Enterprise | Gradle Enterprise before 2021.4.3 relies on cleartext data transmission in some situations. | network, gradle, CWE-311, 4.3 |
| 2022-02-10 | CVE-2022-23630 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Gradle | Gradle is a build tool with a focus on build automation and support for multi-language development. | network, gradle, CWE-829, 6.0 |