Vulnerabilities > Gradle
| Date | CVE | Vulnerability | Description | Score |
|---|---|---|---|---|
| 2022-03-25 | CVE-2022-27919 | Exposure of Resource to Wrong Sphere vulnerability in Gradle Enterprise 2021.4.2/2021.4.3 | Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not specify an initial configuration file. | 7.5 |
| 2022-03-17 | CVE-2022-25364 | Incorrect Authorization vulnerability in Gradle Enterprise | In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access. | 9.3 |
| 2022-03-16 | CVE-2022-27225 | Missing Encryption of Sensitive Data vulnerability in Gradle Enterprise | Gradle Enterprise before 2021.4.3 relies on cleartext data transmission in some situations. | 4.3 |
| 2022-02-10 | CVE-2022-23630 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Gradle | Gradle is a build tool with a focus on build automation and support for multi-language development. | 6.0 |
| 2021-10-27 | CVE-2021-41589 | Incorrect Permission Assignment for Critical Resource vulnerability in Gradle Build Cache Node and Enterprise | In Gradle Enterprise before 2021.3 (and Enterprise Build Cache Node before 10.0), there is potential cache poisoning and remote code execution when running the build cache node with its default configuration. | 7.5 |
| 2021-10-27 | CVE-2021-41590 | Exposure of Resource to Wrong Sphere vulnerability in Gradle Enterprise | In Gradle Enterprise through 2021.3, probing of the server-side network environment can occur via an SMTP configuration test. | 5.0 |
| 2021-10-27 | CVE-2021-41619 | Code Injection vulnerability in Gradle Enterprise | An issue was discovered in Gradle Enterprise before 2021.1.2. | 9.0 |
| 2021-09-24 | CVE-2021-41586 | Server-Side Request Forgery (SSRF) vulnerability in Gradle | In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially reset the system user password. | 5.0 |
| 2021-09-24 | CVE-2021-41587 | Server-Side Request Forgery (SSRF) vulnerability in Gradle | In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially discover credentials for other resources. | 5.0 |
| 2021-09-24 | CVE-2021-41588 | Deserialization of Untrusted Data vulnerability in Gradle | In Gradle Enterprise before 2021.1.3, a crafted request can trigger deserialization of arbitrary unsafe Java objects. | 6.8 |