Vulnerabilities > Gradle > Critical
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2024-01-09 | CVE-2023-49238 | Weak Password Requirements vulnerability in Gradle Enterprise | In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation (in certain installation scenarios) because of a non-unique initial system user password. | 9.8 |
2023-03-02 | CVE-2023-26053 | Unspecified vulnerability in Gradle | Gradle is a build tool with a focus on build automation and support for multi-language development. | 9.8 |
2022-03-25 | CVE-2022-27919 | Incorrect Default Permissions vulnerability in Gradle Enterprise | Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not specify an initial configuration file. | 9.8 |
2021-10-27 | CVE-2021-41589 | Incorrect Permission Assignment for Critical Resource vulnerability in Gradle Build Cache Node and Enterprise | In Gradle Enterprise before 2021.3 (and Enterprise Build Cache Node before 10.0), there is potential cache poisoning and remote code execution when running the build cache node with its default configuration. | 9.8 |
2019-08-14 | CVE-2019-15052 | Insufficiently Protected Credentials vulnerability in Gradle | The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for the configured host. | 9.8 |
2019-04-22 | CVE-2019-11403 | Information Exposure vulnerability in Gradle Build Cache Node and Enterprise | In Gradle Enterprise before 2018.5.2, Build Cache Nodes would reflect the configured password back when viewing the HTML page source of the settings page. | 9.8 |
2019-04-22 | CVE-2019-11402 | Insufficiently Protected Credentials vulnerability in Gradle Enterprise | In Gradle Enterprise before 2018.5.3, Build Cache Nodes did not store the credentials at rest in an encrypted format. | 9.8 |
2017-02-07 | CVE-2016-6199 | Deserialization of Untrusted Data vulnerability in Gradle 2.12 | ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a crafted serialized object. | 9.8 |