PT-2024-13707 · Gradle · Gradle Enterprise
Name of the Vulnerable Software and Affected Versions: Gradle Enterprise versions prior to 2023.1
Description: A remote attacker may gain access to a new installation of Gradle Enterprise in certain scenarios due to a non-unique initial system user password. Although this password must be changed...
gradle: Possible local text file exfiltration by XML External entity injection
A flaw was found in Gradle. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an out-of-band XXE (OOB-XXE) attack, parsing XML can lead to the exfiltration of local text files to a remote server. In most cases, Gradle parses XML files it...
gradle: Incorrect permission assignment for symlinked files used in copy or archiving operations
A flaw was found in Gradle. When copying files or creating archives, Gradle does not preserve symbolic links, instead resolving them to their underlying target file, but permissions of the new file use those of the link instead of those from the target file. This issue can lead to files with...
Important: Red Hat Security Advisory: Red Hat AMQ Streams 2.6.0 release and security update
Red Hat AMQ Streams 2.6.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
GHSA-WJXJ-5M7G-MG7Q vulnerabilities
Vulnerabilities for packages: gradle...
CVE-2023-33202 vulnerabilities
Vulnerabilities for packages: gradle...
Sensitive Information Disclosure
io.quarkus io.quarkus.gradle.plugin is vulnerable to Information Disclosure. The vulnerability is due to improper sanitization of artifacts created using the Gradle plugin, allowing certain build system information to remain. This flaw allows an attacker to access potentially sensitive information...
GHSA-P62Q-5483-H57V Quarkus does not properly sanitize artifacts created from its use of the Gradle plugin, allowing certain build system information to remain
A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain. This flaw allows an attacker to access potentially sensitive information from the build system within the application...
Quarkus does not properly sanitize artifacts created from its use of the Gradle plugin, allowing certain build system information to remain
A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain. This flaw allows an attacker to access potentially sensitive information from the build system within the application...
CVE-2023-5720
A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain. This flaw allows an attacker to access potentially sensitive information from the build system within the application...
Design/Logic Flaw
A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain. This flaw allows an attacker to access potentially sensitive information from the build system within the application...
CVE-2023-5720 Quarkus: build env information disclosure via gradle plugin
A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain. This flaw allows an attacker to access potentially sensitive information from the build system within the application...
CVE-2023-5720
CVE-2023-5720 affects Quarkus and describes an information disclosure risk stemming from improper sanitization of artifacts created via the Gradle plugin. The flaw allows access to potentially sensitive build-system information embedded in the application. Connected sources reiterate the same vul...
Quarkus Security Vulnerabilities
Quarkus is a cloud-native Linux container-first framework for writing Java applications. A security vulnerability exists in Quarkus that stems from not properly cleaning artifacts created using the Gradle plugin, which allows for the retention of certain build system information, allowing an...
PT-2023-8561 · Quarkus · Quarkus
Name of the Vulnerable Software and Affected Versions:
Quarkus versions prior to 3.5.1
Quarkus versions prior to 3.2.8 LTS
Description: A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain...
Ubuntu 18.04 ESM : Gradle vulnerabilities (USN-4858-1)
The remote Ubuntu 18.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4858-1 advisory. It was discovered that Gradle used an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins were used. A...