3 matches found
CVE-2023-26053
A flaw was found in Gradle when verifying long IDs of 64 bits for PGP keys in the trusted key or PGP element. This flaw allows an attacker to exploit this issue and collision the dependency verification. Mitigation Using only full fingerprint IDs for the trusted key or pgp element in the metadata...
CVE-2023-26053
creationtimestamp| type| source ---|---|--- 2023-03-02 07:34:07+00:00| seen| https://t.me/cibsecurity/59308 2025-03-05 21:35:05+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/6625...
CVE-2023-26053 Gradle usage of long IDs for PGP keys opens potential for collision attacks
Gradle is a build tool with a focus on build automation and support for multi-language development. This is a collision attack on long IDs 64bits for PGP keys. Users of dependency verification in Gradle are vulnerable if they use long IDs for PGP keys in a trusted-key or pgp element in their...