Vulnerabilities > Gradle > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-30 | CVE-2023-35947 | Path Traversal vulnerability in Gradle Gradle is a build tool with a focus on build automation and support for multi-language development. | 8.1 |
| 2022-10-21 | CVE-2022-41575 | Insufficiently Protected Credentials vulnerability in Gradle Enterprise 2022.3.1/2022.3.2 A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3 through 2022.3.3 allows remote attackers to access a subset of application data (e.g., cleartext credentials). | 7.5 |
| 2022-10-07 | CVE-2022-41574 | Incorrect Authorization vulnerability in Gradle Enterprise An access-control vulnerability in Gradle Enterprise 2022.4 through 2022.3.1 allows remote attackers to prevent backups from occurring, and send emails with arbitrary text content to the configured installation-administrator contact address, via HTTP access to an accidentally exposed internal endpoint. | 7.5 |
| 2022-06-06 | CVE-2022-30587 | Insufficiently Protected Credentials vulnerability in Gradle Enterprise 2022.2 Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to information disclosure. | 7.5 |
| 2022-06-06 | CVE-2022-30586 | Information Exposure vulnerability in Gradle Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to code execution. | 7.2 |
| 2022-03-17 | CVE-2022-25364 | Incorrect Default Permissions vulnerability in Gradle Enterprise In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access. | 8.1 |
| 2021-10-27 | CVE-2021-41589 | Incorrect Permission Assignment for Critical Resource vulnerability in Gradle Build Cache Node and Enterprise In Gradle Enterprise before 2021.3 (and Enterprise Build Cache Node before 10.0), there is potential cache poisoning and remote code execution when running the build cache node with its default configuration. | 7.5 |
| 2021-07-20 | CVE-2021-32751 | OS Command Injection vulnerability in Gradle Gradle is a build tool with a focus on build automation. | 8.5 |
| 2020-10-01 | CVE-2020-11979 | As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. | 7.5 |
| 2020-09-18 | CVE-2020-15776 | Unspecified vulnerability in Gradle Enterprise An issue was discovered in Gradle Enterprise 2018.2 - 2020.2.4. | 8.8 |