865 matches found
Linux Distros Unpatched Vulnerability : CVE-2021-29429
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by...
Linux Distros Unpatched Vulnerability : CVE-2022-24329
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects. (CVE-2022-24329) Note that Nessus relies on the...
Linux Distros Unpatched Vulnerability : CVE-2021-29428
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and...
Linux Distros Unpatched Vulnerability : CVE-2019-15052
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for the configured host. If that host returns a 30x redirect, Gradle...
This Week in Spring - August 5th, 2025
Hi, Spring fans! Welcome to another installment of This Week in Spring! It's August 5th! Which means we're only 20 days away until SpringOne 2025! Have you registered? There's so much to cover this week, so let's dive right into it! Spring Shell 3.4.1 is out! - the new release includes a number o...
CVE-2023-30853
Gradle Build Action allows users to execute a Gradle Build in their GitHub Actions workflow. A vulnerability impacts GitHub workflows using the Gradle Build Action prior to version 2.4.2 that have executed the Gradle Build Tool with the configuration cache enabled, potentially exposing secrets...
CVE-2023-39152
Always-incorrect control flow implementation in Jenkins Gradle Plugin 2.8 may result in credentials not being masked (i.e., replaced with asterisks) in the build log in some circumstances...
CVE-2022-48431
In JetBrains IntelliJ IDEA before 2023.1 in some cases, Gradle and Maven projects could be imported without the “Trust Project” confirmation...
CVE-2022-41575
A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3 through 2022.3.3 allows remote attackers to access a subset of application data (e.g., cleartext credentials). This is fixed in 2022.3.3...
CVE-2022-41574
An access-control vulnerability in Gradle Enterprise 2022.4 through 2022.3.1 allows remote attackers to prevent backups from occurring, and send emails with arbitrary text content to the configured installation-administrator contact address, via HTTP access to an accidentally exposed internal...
CVE-2022-30587
Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to information disclosure...
CVE-2022-30586
Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to code execution...
CVE-2022-27225
Gradle Enterprise before 2021.4.3 relies on cleartext data transmission in some situations. It uses Keycloak for identity management services. During the sign-in process, Keycloak sets browser cookies that effectively provide remember-me functionality. For backwards compatibility with older Safar...
CVE-2022-25364
In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access. If this was not manually changed, a malicious actor with network access to the build cache could potentially populate it with manipulated entries that execute malicious code as par...
CVE-2021-21361
The com.bmuschko:gradle-vagrant-plugin Gradle plugin contains an information disclosure vulnerability due to the logging of the system environment variables. When this Gradle plugin is executed in public CI/CD, this can lead to sensitive credentials being exposed to malicious actors. This is fixe...
CVE-2021-41589
In Gradle Enterprise before 2021.3 and Enterprise Build Cache Node before 10.0, there is potential cache poisoning and remote code execution when running the build cache node with its default configuration. This configuration allows anonymous access to the configuration user interface and anonymo...
CVE-2021-26719
A directory traversal issue was discovered in Gradle gradle-enterprise-test-distribution-agent before 1.3.2, test-distribution-gradle-plugin before 1.3.2, and gradle-enterprise-maven-extension before 1.8.2. A malicious actor with certain credentials can perform a registration step such that craft...
CVE-2021-41619
An issue was discovered in Gradle Enterprise before 2021.1.2. There is potential remote code execution via the application startup configuration. The installation configuration user interface available to administrators allows specifying arbitrary Java Virtual Machine startup options. Some of the...
CVE-2021-41590
In Gradle Enterprise through 2021.3, probing of the server-side network environment can occur via an SMTP configuration test. The installation configuration user interface available to administrators allows testing the configured SMTP server settings. This test function can be used to identify th...
CVE-2021-41588
In Gradle Enterprise before 2021.1.3, a crafted request can trigger deserialization of arbitrary unsafe Java objects. The attacker must have the encryption and signing keys...