Vulnerabilities > Gradle > Enterprise
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-09 | CVE-2023-49238 | Weak Password Requirements vulnerability in Gradle Enterprise In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation (in certain installation scenarios) because of a non-unique initial system user password. | 9.8 |
| 2022-10-21 | CVE-2022-41575 | Insufficiently Protected Credentials vulnerability in Gradle Enterprise 2022.3.1/2022.3.2 A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3 through 2022.3.3 allows remote attackers to access a subset of application data (e.g., cleartext credentials). | 7.5 |
| 2022-10-07 | CVE-2022-41574 | Incorrect Authorization vulnerability in Gradle Enterprise An access-control vulnerability in Gradle Enterprise 2022.4 through 2022.3.1 allows remote attackers to prevent backups from occurring, and send emails with arbitrary text content to the configured installation-administrator contact address, via HTTP access to an accidentally exposed internal endpoint. | 7.5 |
| 2022-03-25 | CVE-2022-27919 | Incorrect Default Permissions vulnerability in Gradle Enterprise Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not specify an initial configuration file. | 9.8 |
| 2022-03-17 | CVE-2022-25364 | Incorrect Default Permissions vulnerability in Gradle Enterprise In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access. | 8.1 |
| 2022-03-16 | CVE-2022-27225 | Missing Encryption of Sensitive Data vulnerability in Gradle Enterprise Gradle Enterprise before 2021.4.3 relies on cleartext data transmission in some situations. | 4.3 |
| 2021-10-27 | CVE-2021-41589 | Incorrect Permission Assignment for Critical Resource vulnerability in Gradle Build Cache Node and Enterprise In Gradle Enterprise before 2021.3 (and Enterprise Build Cache Node before 10.0), there is potential cache poisoning and remote code execution when running the build cache node with its default configuration. | 7.5 |
| 2021-10-27 | CVE-2021-41590 | Unspecified vulnerability in Gradle Enterprise In Gradle Enterprise through 2021.3, probing of the server-side network environment can occur via an SMTP configuration test. | 5.0 |
| 2021-10-27 | CVE-2021-41619 | Code Injection vulnerability in Gradle Enterprise An issue was discovered in Gradle Enterprise before 2021.1.2. | 9.0 |
| 2020-09-18 | CVE-2020-15773 | Origin Validation Error vulnerability in Gradle Enterprise An issue was discovered in Gradle Enterprise before 2020.2.4. | 4.0 |