Vulnerabilities > Gradle > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-18 | CVE-2020-15774 | Insufficient Session Expiration vulnerability in Gradle Enterprise An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. | 6.8 |
| 2020-09-18 | CVE-2020-15772 | Server-Side Request Forgery (SSRF) vulnerability in Gradle Enterprise An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. | 4.9 |
| 2020-09-18 | CVE-2020-15770 | Improper Restriction of Excessive Authentication Attempts vulnerability in Gradle Enterprise 2018.5 An issue was discovered in Gradle Enterprise 2018.5. | 5.5 |
| 2020-09-18 | CVE-2020-15769 | Cross-site Scripting vulnerability in Gradle Enterprise 2020.2/2020.2.4 An issue was discovered in Gradle Enterprise 2020.2 - 2020.2.4. | 6.1 |
| 2020-09-18 | CVE-2020-15767 | Missing Encryption of Sensitive Data vulnerability in Gradle Enterprise An issue was discovered in Gradle Enterprise before 2020.2.5. | 5.3 |
| 2020-03-30 | CVE-2020-7599 | Information Exposure Through Log Files vulnerability in Gradle Plugin Publishing All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File. | 6.5 |
| 2019-09-16 | CVE-2019-16370 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Gradle The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900. | 5.9 |
| 2019-04-10 | CVE-2019-11065 | Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. | 5.9 |