Vulnerabilities > Gradle
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-25 | CVE-2022-27919 | Exposure of Resource to Wrong Sphere vulnerability in Gradle Enterprise 2021.4.2/2021.4.3: Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not specify an initial configuration file. | 7.5 |
2022-03-17 | CVE-2022-25364 | Incorrect Authorization vulnerability in Gradle Enterprise: In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access. | 9.3 |
2022-03-16 | CVE-2022-27225 | Missing Encryption of Sensitive Data vulnerability in Gradle Enterprise: Gradle Enterprise before 2021.4.3 relies on cleartext data transmission in some situations. | 4.3 |
2022-02-10 | CVE-2022-23630 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Gradle: Gradle is a build tool with a focus on build automation and support for multi-language development. | 6.0 |
2021-10-27 | CVE-2021-41589 | Incorrect Permission Assignment for Critical Resource vulnerability in Gradle Build Cache Node and Enterprise: In Gradle Enterprise before 2021.3 (and Enterprise Build Cache Node before 10.0), there is potential cache poisoning and remote code execution when running the build cache node with its default configuration. | 7.5 |
2021-10-27 | CVE-2021-41590 | Exposure of Resource to Wrong Sphere vulnerability in Gradle Enterprise: In Gradle Enterprise through 2021.3, probing of the server-side network environment can occur via an SMTP configuration test. | 5.0 |
2021-10-27 | CVE-2021-41619 | Code Injection vulnerability in Gradle Enterprise: An issue was discovered in Gradle Enterprise before 2021.1.2. | 9.0 |
2021-09-24 | CVE-2021-41586 | Server-Side Request Forgery (SSRF) vulnerability in Gradle: In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially reset the system user password. | 5.0 |
2021-09-24 | CVE-2021-41587 | Server-Side Request Forgery (SSRF) vulnerability in Gradle: In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially discover credentials for other resources. | 5.0 |
2021-09-24 | CVE-2021-41588 | Deserialization of Untrusted Data vulnerability in Gradle: In Gradle Enterprise before 2021.1.3, a crafted request can trigger deserialization of arbitrary unsafe Java objects. | 6.8 |