Vulnerabilities > Gradle

DATE CVE VULNERABILITY TITLE RISK
2022-06-06 CVE-2022-30587 Insufficiently Protected Credentials vulnerability in Gradle Enterprise 2022.2
Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to information disclosure.
network
low complexity
gradle CWE-522
7.5
2022-06-06 CVE-2022-30586 Information Exposure vulnerability in Gradle
Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to code execution.
network
low complexity
gradle CWE-200
7.2
2022-03-25 CVE-2022-27919 Incorrect Default Permissions vulnerability in Gradle Enterprise
Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not specify an initial configuration file.
network
low complexity
gradle CWE-276
critical
9.8
2022-03-17 CVE-2022-25364 Incorrect Default Permissions vulnerability in Gradle Enterprise
In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access.
network
high complexity
gradle CWE-276
8.1
2022-03-16 CVE-2022-27225 Missing Encryption of Sensitive Data vulnerability in Gradle Enterprise
Gradle Enterprise before 2021.4.3 relies on cleartext data transmission in some situations.
network
low complexity
gradle CWE-311
6.5
2022-02-10 CVE-2022-23630 Unspecified vulnerability in Gradle
Gradle is a build tool with a focus on build automation and support for multi-language development.
network
high complexity
gradle
7.5
2021-10-27 CVE-2021-41589 Incorrect Permission Assignment for Critical Resource vulnerability in Gradle Build Cache Node and Enterprise
In Gradle Enterprise before 2021.3 (and Enterprise Build Cache Node before 10.0), there is potential cache poisoning and remote code execution when running the build cache node with its default configuration.
network
low complexity
gradle CWE-732
critical
9.8
2021-10-27 CVE-2021-41590 Unspecified vulnerability in Gradle Enterprise 2020.4
In Gradle Enterprise through 2021.3, probing of the server-side network environment can occur via an SMTP configuration test.
network
low complexity
gradle
5.3
2021-10-27 CVE-2021-41619 Code Injection vulnerability in Gradle Enterprise 2020.4
An issue was discovered in Gradle Enterprise before 2021.1.2.
network
low complexity
gradle CWE-94
7.2
2021-09-24 CVE-2021-41586 Server-Side Request Forgery (SSRF) vulnerability in Gradle
In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially reset the system user password.
network
low complexity
gradle CWE-918
7.5