Vulnerabilities > Gradle
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-09 | CVE-2023-49238 | Weak Password Requirements vulnerability in Gradle Enterprise. In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation (in certain installation scenarios) because of a non-unique initial system user password. | 9.8 |
2023-10-06 | CVE-2023-42445 | XXE vulnerability in Gradle. Gradle is a build tool with a focus on build automation and support for multi-language development. | 5.3 |
2023-10-05 | CVE-2023-44387 | Incorrect Permission Assignment for Critical Resource vulnerability in Gradle. Gradle is a build tool with a focus on build automation and support for multi-language development. | 6.5 |
2023-06-30 | CVE-2023-35946 | Path Traversal vulnerability in Gradle. Gradle is a build tool with a focus on build automation and support for multi-language development. | 5.5 |
2023-06-30 | CVE-2023-35947 | Path Traversal vulnerability in Gradle. Gradle is a build tool with a focus on build automation and support for multi-language development. | 8.1 |
2023-04-28 | CVE-2023-30853 | Cleartext Storage of Sensitive Information vulnerability in Gradle Build Action. Gradle Build Action allows users to execute a Gradle Build in their GitHub Actions workflow. | 6.5 |
2023-03-02 | CVE-2023-26053 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Gradle. Gradle is a build tool with a focus on build automation and support for multi-language development. | 9.8 |
2022-10-21 | CVE-2022-41575 | Insufficiently Protected Credentials vulnerability in Gradle Enterprise 2022.3.1/2022.3.2. A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3 through 2022.3.3 allows remote attackers to access a subset of application data (e.g., cleartext credentials). | 7.5 |
2022-10-07 | CVE-2022-41574 | Incorrect Authorization vulnerability in Gradle Enterprise. An access-control vulnerability in Gradle Enterprise 2022.4 through 2022.3.1 allows remote attackers to prevent backups from occurring, and send emails with arbitrary text content to the configured installation-administrator contact address, via HTTP access to an accidentally exposed internal endpoint. | 7.5 |
2022-07-14 | CVE-2022-31156 | Improper Verification of Cryptographic Signature vulnerability in Gradle. Gradle is a build tool. | 4.4 |