Linux Distros Unpatched Vulnerability : CVE-2023-35947

🗓️ 30 Aug 2025 00:00:00Reported by TenableType
CVE-2023-35947: Gradle TarSlip path traversal can overwrite files or read data; upgrade to Gradle 7.6.2 or 8.2.
Reporter	Title	Published	Views	Family All 24
AlpineLinux	CVE-2023-35947	30 Jun 202321:15	–	alpinelinux
Circl	CVE-2023-35947	1 Jul 202300:15	–	circl
CNNVD	Gradle 路径遍历漏洞	30 Jun 202300:00	–	cnnvd
CVE	CVE-2023-35947	30 Jun 202320:18	–	cve
Cvelist	CVE-2023-35947 Path traversal vulnerabilities in handling of Tar archives in Gradle	30 Jun 202320:18	–	cvelist
Debian CVE	CVE-2023-35947	30 Jun 202320:18	–	debiancve
EUVD	EUVD-2023-39931	3 Oct 202520:07	–	euvd
NVD	CVE-2023-35947	30 Jun 202321:15	–	nvd
OpenVAS	openSUSE Security Advisory (SUSE-SU-2024:3923-1)	8 Nov 202400:00	–	openvas
OpenVAS	SUSE: Security Advisory (SUSE-SU-2024:3923-1)	6 Nov 202400:00	–	openvas
Source	Link
security-tracker	www.security-tracker.debian.org/tracker/CVE-2023-35947
ubuntu	www.ubuntu.com/security/CVE-2023-35947
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(259488);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/05/21");

  script_cve_id("CVE-2023-35947");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2023-35947");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.

  - Gradle is a build tool with a focus on build automation and support for multi-language development. In
    affected versions when unpacking Tar archives, Gradle did not check that files could be written outside of
    the unpack location. This could lead to important files being overwritten anywhere the Gradle process has
    write permissions. For a build reading Tar entries from a Tar archive, this issue could allow Gradle to
    disclose information from sensitive files through an arbitrary file read. To exploit this behavior, an
    attacker needs to either control the source of an archive already used by the build or modify the build to
    interact with a malicious archive. It is unlikely that this would go unnoticed. A fix has been released in
    Gradle 7.6.2 and 8.2 to protect against this vulnerability. Starting from these versions, Gradle will
    refuse to handle Tar archives which contain path traversal elements in a Tar entry name. Users are advised
    to upgrade. There are no known workarounds for this vulnerability. ### Impact This is a path traversal
    vulnerability when Gradle deals with Tar archives, often referenced as TarSlip, a variant of ZipSlip. *
    When unpacking Tar archives, Gradle did not check that files could be written outside of the unpack
    location. This could lead to important files being overwritten anywhere the Gradle process has write
    permissions. * For a build reading Tar entries from a Tar archive, this issue could allow Gradle to
    disclose information from sensitive files through an arbitrary file read. To exploit this behavior, an
    attacker needs to either control the source of an archive already used by the build or modify the build to
    interact with a malicious archive. It is unlikely that this would go unnoticed. Gradle uses Tar archives
    for its [Build Cache](https://docs.gradle.org/current/userguide/build_cache.html). These archives are safe
    when created by Gradle. But if an attacker had control of a remote build cache server, they could inject
    malicious build cache entries that leverage this vulnerability. This attack vector could also be exploited
    if a man-in-the-middle can be performed between the remote cache and the build. ### Patches A fix has been
    released in Gradle 7.6.2 and 8.2 to protect against this vulnerability. Starting from these versions,
    Gradle will refuse to handle Tar archives which contain path traversal elements in a Tar entry name. It is
    recommended that users upgrade to a patched version. ### Workarounds There is no workaround. * If your
    build deals with Tar archives that you do not fully trust, you need to inspect them to confirm they do not
    attempt to leverage this vulnerability. * If you use the Gradle remote build cache, make sure only trusted
    parties have write access to it and that connections to the remote cache are properly secured. ###
    References * [CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path
    Traversal')](https://cwe.mitre.org/data/definitions/22.html) * [Gradle Build
    Cache](https://docs.gradle.org/current/userguide/build_cache.html) *
    [ZipSlip](https://security.snyk.io/research/zip-slip-vulnerability) (CVE-2023-35947)

Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-35947");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/CVE-2023-35947");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:U/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:U/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-35947");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/06/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/08/30");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:20.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:22.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:24.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:25.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:25.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:11.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:12.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:13.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:14.0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:gradle");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:gradle");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl", "set_linux_os_id.nasl");
  script_require_keys("Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched", "Host/OS/identifier");
  script_require_ports("Host/OS/Debian Linux-11", "Host/OS/Debian Linux-12", "Host/OS/Debian Linux-13", "Host/OS/Debian Linux-14", "Host/OS/Ubuntu Linux-16.04", "Host/OS/Ubuntu Linux-18.04", "Host/OS/Ubuntu Linux-20.04", "Host/OS/Ubuntu Linux-22.04", "Host/OS/Ubuntu Linux-24.04", "Host/OS/Ubuntu Linux-25.04", "Host/OS/Ubuntu Linux-25.10");

  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/Debian/dpkg-l"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "Debian Linux-11": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "11",
        "pkgs": [
          {"reference": "gradle"},
          {"reference": "gradle-doc"},
          {"reference": "libgradle-core-java"},
          {"reference": "libgradle-plugins-java"}
        ]
      }
    ]
  },
  "Debian Linux-12": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "12",
        "pkgs": [
          {"reference": "gradle"},
          {"reference": "gradle-doc"},
          {"reference": "libgradle-core-java"},
          {"reference": "libgradle-plugins-java"}
        ]
      }
    ]
  },
  "Debian Linux-13": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "13",
        "pkgs": [
          {"reference": "gradle"},
          {"reference": "gradle-doc"},
          {"reference": "libgradle-core-java"},
          {"reference": "libgradle-plugins-java"}
        ]
      }
    ]
  },
  "Debian Linux-14": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "14",
        "pkgs": [
          {"reference": "gradle"},
          {"reference": "gradle-doc"},
          {"reference": "libgradle-core-java"},
          {"reference": "libgradle-plugins-java"}
        ]
      }
    ]
  },
  "Ubuntu Linux-16.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "16.04",
        "pkgs": [
          {"reference": "gradle"}
        ]
      }
    ]
  },
  "Ubuntu Linux-18.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "18.04",
        "pkgs": [
          {"reference": "gradle"}
        ]
      }
    ]
  },
  "Ubuntu Linux-20.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "20.04",
        "pkgs": [
          {"reference": "gradle"}
        ]
      }
    ]
  },
  "Ubuntu Linux-22.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "22.04",
        "pkgs": [
          {"reference": "gradle"}
        ]
      }
    ]
  },
  "Ubuntu Linux-24.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "24.04",
        "pkgs": [
          {"reference": "gradle"}
        ]
      }
    ]
  },
  "Ubuntu Linux-25.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "25.04",
        "pkgs": [
          {"reference": "gradle"}
        ]
      }
    ]
  },
  "Ubuntu Linux-25.10": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "25.10",
        "pkgs": [
          {"reference": "gradle"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);

if (!empty_or_null(report))
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}
21 May 2026 00:00Current
7.2High risk
Vulners AI Score7.2
CVSS 3.16.9 - 8.1
EPSS0.00127