EUVD-2021-28603

Malicious code in bioql PyPI...

CVE-2021-41589

Affected software: Gradle Enterprise prior to 2021.3 and Enterprise Build Cache Node prior to 10.0. Vulnerability: Default configuration allows anonymous access to the configuration UI and anonymous write access to the build cache, enabling cache poisoning that may execute malicious code in a bui...

Design/Logic Flaw

An issue was discovered in Gradle Enterprise 2017.3 - 2020.2.4 and Gradle Enterprise Build Cache Node 1.0 - 9.2. Unrestricted HTTP header reflection in Gradle Enterprise allows remote attackers to obtain authentication cookies, if they are able to discover a separate XSS vulnerability. This...

Design/Logic Flaw

An issue was discovered in Gradle Enterprise 2018.2 and Gradle Enterprise Build Cache Node 4.1. Cross-site transmission of cookie containing CSRF token allows remote attacker to bypass CSRF mitigation...

CVE-2019-11403

In Gradle Enterprise before 2018.5.2, Build Cache Nodes would reflect the configured password back when viewing the HTML page source of the settings page...