Vulnerabilities > Gradle

DATE CVE VULNERABILITY TITLE RISK

2022-03-25 CVE-2022-27919 Exposure of Resource to Wrong Sphere vulnerability in Gradle Enterprise 2021.4.2/2021.4.3
Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not specify an initial configuration file.
Risk: network, low complexity, gradle CWE-668, 7.5

2022-03-17 CVE-2022-25364 Incorrect Authorization vulnerability in Gradle Enterprise
In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access.
Risk: network, gradle CWE-863, critical, 9.3

2022-03-16 CVE-2022-27225 Missing Encryption of Sensitive Data vulnerability in Gradle Enterprise
Gradle Enterprise before 2021.4.3 relies on cleartext data transmission in some situations.
Risk: network, gradle CWE-311, 4.3

2022-02-10 CVE-2022-23630 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Gradle
Gradle is a build tool with a focus on build automation and support for multi-language development.
Risk: network, gradle CWE-829, 6.0

2021-10-27 CVE-2021-41589 Incorrect Permission Assignment for Critical Resource vulnerability in Gradle Build Cache Node and Enterprise
In Gradle Enterprise before 2021.3 (and Enterprise Build Cache Node before 10.0), there is potential cache poisoning and remote code execution when running the build cache node with its default configuration.
Risk: network, low complexity, gradle CWE-732, 7.5

2021-10-27 CVE-2021-41590 Exposure of Resource to Wrong Sphere vulnerability in Gradle Enterprise
In Gradle Enterprise through 2021.3, probing of the server-side network environment can occur via an SMTP configuration test.
Risk: network, low complexity, gradle CWE-668, 5.0

2021-10-27 CVE-2021-41619 Code Injection vulnerability in Gradle Enterprise
An issue was discovered in Gradle Enterprise before 2021.1.2.
Risk: network, low complexity, gradle CWE-94, critical, 9.0

2021-09-24 CVE-2021-41586 Server-Side Request Forgery (SSRF) vulnerability in Gradle
In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially reset the system user password.
Risk: network, low complexity, gradle CWE-918, 5.0

2021-09-24 CVE-2021-41587 Server-Side Request Forgery (SSRF) vulnerability in Gradle
In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially discover credentials for other resources.
Risk: network, low complexity, gradle CWE-918, 5.0

2021-09-24 CVE-2021-41588 Deserialization of Untrusted Data vulnerability in Gradle
In Gradle Enterprise before 2021.1.3, a crafted request can trigger deserialization of arbitrary unsafe Java objects.
Risk: network, gradle CWE-502, 6.8