Vulnerabilities > Gradle > Enterprise > 2021.4.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-09 | CVE-2023-49238 | Weak Password Requirements vulnerability in Gradle Enterprise In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation (in certain installation scenarios) because of a non-unique initial system user password. | 9.8 |
| 2022-10-07 | CVE-2022-41574 | Incorrect Authorization vulnerability in Gradle Enterprise An access-control vulnerability in Gradle Enterprise 2022.4 through 2022.3.1 allows remote attackers to prevent backups from occurring, and send emails with arbitrary text content to the configured installation-administrator contact address, via HTTP access to an accidentally exposed internal endpoint. | 7.5 |
| 2022-03-25 | CVE-2022-27919 | Incorrect Default Permissions vulnerability in Gradle Enterprise Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not specify an initial configuration file. | 9.8 |
| 2022-03-16 | CVE-2022-27225 | Missing Encryption of Sensitive Data vulnerability in Gradle Enterprise Gradle Enterprise before 2021.4.3 relies on cleartext data transmission in some situations. | 6.5 |