Vulnerabilities > Gradle
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-06-06 | CVE-2022-30587 | Insufficiently Protected Credentials vulnerability in Gradle Enterprise 2022.2 Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to information disclosure. | 7.5 |
2022-06-06 | CVE-2022-30586 | Information Exposure vulnerability in Gradle Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to code execution. | 7.2 |
2022-03-25 | CVE-2022-27919 | Incorrect Default Permissions vulnerability in Gradle Enterprise Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not specify an initial configuration file. | 9.8 |
2022-03-17 | CVE-2022-25364 | Incorrect Default Permissions vulnerability in Gradle Enterprise In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access. | 8.1 |
2022-03-16 | CVE-2022-27225 | Missing Encryption of Sensitive Data vulnerability in Gradle Enterprise Gradle Enterprise before 2021.4.3 relies on cleartext data transmission in some situations. | 6.5 |
2022-02-10 | CVE-2022-23630 | Unspecified vulnerability in Gradle Gradle is a build tool with a focus on build automation and support for multi-language development. | 7.5 |
2021-10-27 | CVE-2021-41589 | Incorrect Permission Assignment for Critical Resource vulnerability in Gradle Build Cache Node and Enterprise In Gradle Enterprise before 2021.3 (and Enterprise Build Cache Node before 10.0), there is potential cache poisoning and remote code execution when running the build cache node with its default configuration. | 9.8 |
2021-10-27 | CVE-2021-41590 | Unspecified vulnerability in Gradle Enterprise 2020.4 In Gradle Enterprise through 2021.3, probing of the server-side network environment can occur via an SMTP configuration test. | 5.3 |
2021-10-27 | CVE-2021-41619 | Code Injection vulnerability in Gradle Enterprise 2020.4 An issue was discovered in Gradle Enterprise before 2021.1.2. | 7.2 |
2021-09-24 | CVE-2021-41586 | Server-Side Request Forgery (SSRF) vulnerability in Gradle In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially reset the system user password. | 7.5 |