Vulnerabilities > Gradle > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-30 | CVE-2023-35947 | Unspecified vulnerability in Gradle Gradle is a build tool with a focus on build automation and support for multi-language development. | 8.1 |
| 2022-10-21 | CVE-2022-41575 | Insufficiently Protected Credentials vulnerability in Gradle Enterprise 2022.3.1/2022.3.2 A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3 through 2022.3.3 allows remote attackers to access a subset of application data (e.g., cleartext credentials). | 7.5 |
| 2022-10-07 | CVE-2022-41574 | Incorrect Authorization vulnerability in Gradle Enterprise An access-control vulnerability in Gradle Enterprise 2022.4 through 2022.3.1 allows remote attackers to prevent backups from occurring, and send emails with arbitrary text content to the configured installation-administrator contact address, via HTTP access to an accidentally exposed internal endpoint. | 7.5 |
| 2022-06-06 | CVE-2022-30587 | Insufficiently Protected Credentials vulnerability in Gradle Enterprise 2022.2 Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to information disclosure. | 7.5 |
| 2022-06-06 | CVE-2022-30586 | Information Exposure vulnerability in Gradle Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to code execution. | 7.2 |
| 2022-03-17 | CVE-2022-25364 | Incorrect Default Permissions vulnerability in Gradle Enterprise In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access. | 8.1 |
| 2022-02-10 | CVE-2022-23630 | Unspecified vulnerability in Gradle Gradle is a build tool with a focus on build automation and support for multi-language development. | 7.5 |
| 2021-10-27 | CVE-2021-41619 | Code Injection vulnerability in Gradle Enterprise 2020.4 An issue was discovered in Gradle Enterprise before 2021.1.2. | 7.2 |
| 2021-09-24 | CVE-2021-41586 | Server-Side Request Forgery (SSRF) vulnerability in Gradle In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially reset the system user password. | 7.5 |
| 2021-09-24 | CVE-2021-41587 | Server-Side Request Forgery (SSRF) vulnerability in Gradle In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially discover credentials for other resources. | 7.5 |