Gradle Enterprise Session Reuse Vulnerability

Gradle Enterprise improves developer productivity by speeding up builds, improving build reliability, and accelerating build debugging. A session reuse vulnerability exists in Gradle Enterprise 2018.5 - 2020.2.4. The vulnerability stems from implicitly logging user login information. An attacker ...

Gradle Enterprise Brute Force Password Guessing Vulnerability

Gradle is a set of JVM-based project build tools , it supports maven, Ivy repository and so on. A brute force password guessing vulnerability exists in Gradle Enterprise 2018.5. The vulnerability stems from not locking after too many failed login attempts. An attacker can use this vulnerability t...

CVE-2020-15770

CVE-2020-15770 affects Gradle Enterprise 2018.5. The vulnerability stems from the lack of account lock-out after excessive failed login attempts, enabling repeated password guesses for a local user. Public sources in connected documents corroborate a brute-force risk without lock-out, specificall...

PT-2020-14621 · Gradle · Gradle Enterprise

Name of the Vulnerable Software and Affected Versions: Gradle Enterprise versions 2018.5 through 2020.2.4 Description: An issue was discovered where an attacker with physical access to the browser of a user who has recently logged in to Gradle Enterprise and since closed their browser could reope...

CVE-2018-12565

An issue was discovered in Linaro LAVA before 2018.5.post1. Because of use of yaml.load instead of yaml.safeload when parsing user data, remote code execution can occur...