CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Snyk•added 2024/10/23 10:35 a.m.•2 views

Code Injection

Overview snyk-gradle-plugin is a plugin for the Snyk CLI tool, providing dependency metadata for Gradle projects. Affected versions of this package are vulnerable to Code Injection when scanning an untrusted Gradle project. The vulnerability can be triggered if Snyk test is run inside the untrust...

8.8CVSS7AI score0.00137EPSS

vulnersOsv•added 2024/09/19 4:6 p.m.•7 views

build.less:build.less.gradle.plugin (>=1.0.0-beta1 <=1.0.0-rc2), build.less:buildless-plugin-gradle (>=1.0.0-beta1 <=1.0.0-rc2) +177 more potentially affected by CVE-2024-7254 via com.google.protobuf:protobuf-kotlin (>=3.17.3 <=3.25.3)

com.google.protobuf:protobuf-kotlin MAVEN version =3.17.3, =1.0.0-beta1, =1.0.0-beta1, =7.0.0, =0.5.0, =0.0.1-alpha02, =31.9.0, =31.9.0, =31.9.0, =31.9.0, =31.9.0, =31.9.0, =31.9.0, =31.9.0, =31.9.0, =31.9.0, =32.1.0-alpha04 and more S...

8.7CVSS6.8AI score0.00134EPSS

Spring Engineering•added 2024/05/24 12:0 a.m.•20 views

SBOM support in Spring Boot 3.3

Spring Boot 3.3.0 has been released, and it contains support for SBOMs. SBOM stands for "Software Bill of Materials" and describes the components used to build a software artifact. In the context of this blog post, that's your Spring Boot application. These SBOMs are useful because they describe...

6.5AI score

BDU FSTEC•added 2024/02/13 12:0 a.m.•1 views

The vulnerability of the Gradle plugin for the Quarkus Java framework, which allows a hacker to exploit and disclose protected information

The vulnerability of the Gradle plugin for the Quarkus Java framework is related to the disclosure of information through environment variables. Exploiting this vulnerability allows an attacker to disclose the protected information...

7.7CVSS7.1AI score0.02999EPSS

Exploits0References3Affected Software1

vulnersOsv•added 2024/01/31 9:30 a.m.•3 views

gradle.plugin.org.springframework.cloud:spring-cloud-contract-gradle-plugin (=4.1.0), org.springframework.cloud.contract:org.springframework.cloud.contract.gradle.plugin (=4.1.0) +10 more potentially affected by CVE-2024-22236 via org.springframework.cloud:spring-cloud-contract-shade (=4.1.0)

org.springframework.cloud:spring-cloud-contract-shade MAVEN version =4.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.cloud:spring-cloud-contract-shade and may be impacted: -...

5.5CVSS6AI score0.00097EPSS

Github Security Blog•added 2023/11/15 3:30 p.m.•12 views

Quarkus does not properly sanitize artifacts created from its use of the Gradle plugin, allowing certain build system information to remain

A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain. This flaw allows an attacker to access potentially sensitive information from the build system within the application...

7.7CVSS6.4AI score0.02999EPSS

Exploits0References4Affected Software1

ATTACKERKB•added 2023/11/15 2:15 p.m.•3 views

CVE-2023-5720

7.7CVSS5.7AI score0.02999EPSS

NVD•added 2023/11/15 2:15 p.m.•11 views

CVE-2023-5720

7.7CVSS0.02999EPSS

OSV•added 2023/11/15 2:15 p.m.•14 views

CVE-2023-5720

7.5CVSS7.2AI score0.02999EPSS

Prion•added 2023/11/15 2:15 p.m.•13 views

Design/Logic Flaw

5CVSS6.4AI score0.02999EPSS

Exploits0References2Affected Software1

CVE•added 2023/11/15 1:57 p.m.•66 views

CVE-2023-5720

CVE-2023-5720 affects Quarkus and describes an information disclosure risk stemming from improper sanitization of artifacts created via the Gradle plugin. The flaw allows access to potentially sensitive build-system information embedded in the application. Connected sources reiterate the same vul...

7.7CVSS7.1AI score0.02999EPSS

Exploits0References2Affected Software1

Cvelist•added 2023/11/15 1:57 p.m.•11 views

CVE-2023-5720 Quarkus: build env information disclosure via gradle plugin

7.7CVSS7.4AI score0.02999EPSS

CNNVD•added 2023/11/15 12:0 a.m.•1 views

Quarkus Security Vulnerabilities

Quarkus is a cloud-native Linux container-first framework for writing Java applications. A security vulnerability exists in Quarkus that stems from not properly cleaning artifacts created using the Gradle plugin, which allows for the retention of certain build system information, allowing an...

7.7CVSS6.5AI score0.02999EPSS

RedhatCVE•added 2023/11/09 1:58 a.m.•52 views

CVE-2023-5720

7.7CVSS6.7AI score0.02999EPSS

Positive Technologies•added 2023/10/23 12:0 a.m.•4 views

PT-2023-8561 · Quarkus · Quarkus

Name of the Vulnerable Software and Affected Versions: Quarkus versions prior to 3.5.1 Quarkus versions prior to 3.2.8 LTS Description: A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain...

7.7CVSS7.1AI score0.02999EPSS

Exploits0References10

vulnersOsv•added 2023/07/26 3:30 p.m.•1 views

org.jenkins-ci.main:jenkins-test-harness-tools (=2.2), org.jenkins-ci.plugins:artifactory (>=2.12.0 <=2.12.1) +2 more potentially affected by CVE-2023-39152 via org.jenkins-ci.plugins:gradle (>=1.15 <=2.19.1244.v1f9866817fec)

org.jenkins-ci.plugins:gradle MAVEN version =1.15, =2.12.0, =0.8.0, =0.20.0 Source cves: CVE-2023-39152 Source advisory: OSV:GHSA-PVJF-4HFG-WR84...

6.5CVSS6.5AI score0.00281EPSS

OSV•added 2023/07/26 2:15 p.m.•9 views

CVE-2023-39152

Always-incorrect control flow implementation in Jenkins Gradle Plugin 2.8 may result in credentials not being masked i.e., replaced with asterisks in the build log in some circumstances...

6.5CVSS7AI score

NVD•added 2023/07/26 2:15 p.m.•11 views

CVE-2023-39152

Always-incorrect control flow implementation in Jenkins Gradle Plugin 2.8 may result in credentials not being masked i.e., replaced with asterisks in the build log in some circumstances...

6.5CVSS6.6AI score0.00281EPSS