864 matches found
CVE-2023-44387
Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving symlinked files, Gradle resolves them but applies the permissions of the symlink itself instead of the permissions of the linked file to the resulting file. This leads to...
Design/Logic Flaw
Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving symlinked files, Gradle resolves them but applies the permissions of the symlink itself instead of the permissions of the linked file to the resulting file. This leads to...
UBUNTU-CVE-2023-44387
Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving symlinked files, Gradle resolves them but applies the permissions of the symlink itself instead of the permissions of the linked file to the resulting file. This leads to...
CVE-2023-44387
Gradle vulnerability CVE-2023-44387 involves incorrect permission handling when copying or archiving symlinked files: Gradle currently applies the permissions of the symlink itself rather than of the linked file, potentially granting excessive permissions on resulting files. This behavior is pres...
CVE-2023-44387 Gradle has incorrect permission assignment for symlinked files used in copy or archiving operations
Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving symlinked files, Gradle resolves them but applies the permissions of the symlink itself instead of the permissions of the linked file to the resulting file. This leads to...
CVE-2023-44387 Gradle has incorrect permission assignment for symlinked files used in copy or archiving operations
Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving symlinked files, Gradle resolves them but applies the permissions of the symlink itself instead of the permissions of the linked file to the resulting file. This leads to...
CVE-2023-44387
Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving symlinked files, Gradle resolves them but applies the permissions of the symlink itself instead of the permissions of the linked file to the resulting file. This leads to...
Gradle Security Vulnerabilities
Gradle is a set of JVM-based project building tools from the US company Gradle, which supports Maven, Ivy repositories and more. A security vulnerability exists in Gradle that stems from an improper assignment of permissions when copying files or creating archives. Affected products and versions:...
PT-2023-29221 · Gradle +1 · Gradle +1
Name of the Vulnerable Software and Affected Versions: Gradle versions prior to 7.6.3; Gradle versions prior to 8.4. Description: Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving symlinked files, Gradle resolves them but...
Paketo Buildpacks Bionic End Of Support
The Spring Boot plugins for Maven and Gradle provide the ability to build Docker images using Cloud Native Buildpacks. By default, Spring Boot uses the CNB builders provided by the Paketo Buildpacks project. What's Changed The Paketo Buildpacks project has announced that Ubuntu 18.04 Bionic-based...
0x.plugin.bom:zero-x-plugin-bom (>=0.0.10 <=1.1.0), app.ariadust.dendrobium:app.ariadust.dendrobium.gradle.plugin (>=1.0.0 <=1.0.4) +1543 more potentially affected by CVE-2023-4759 via org.eclipse.jgit:org.eclipse.jgit (>=6.0.0.202111291000-r <=6.6.0.202305301015-r)
org.eclipse.jgit:org.eclipse.jgit MAVEN version =6.0.0.202111291000-r, =0.0.10, =1.0.0, =1.0, =1.0, =2.0, =1.0, =1.0, =3.0, =3.0, =1.0, =3.26.0, =3.26.0, =4.27.0 and more Source cves: CVE-2023-4759 https://vulners.co...
CVE-2022-31156
A flaw was found in Gradle, which allows a remote, authenticated attacker to bypass security restrictions caused by an issue of dependency verification. It can ignore checksum verification when signature verification cannot be performed. By sending a specially crafted request, an attacker can...
CVE-2021-32751
A flaw was found in Gradle, which allows a remote, authenticated attacker to execute arbitrary code on the system caused by a flaw in start and gradlew. By sending specially crafted environment variables, an attacker can execute arbitrary code on the system. Mitigation CI/CD systems using the...
GHSA-2JC4-R94C-RP7H vulnerabilities
Vulnerabilities for packages: gradle-stage0, gradle...
GHSA-2JC4-R94C-RP7H vulnerabilities
Vulnerabilities for packages: gradle, gradle-stage0...
CVE-2022-46751 vulnerabilities
Vulnerabilities for packages: gradle-stage0, gradle...
CVE-2022-46751 vulnerabilities
Vulnerabilities for packages: gradle, gradle-stage0...
CVE-2023-35947
A flaw was found in Gradle. When unpacking Tar archives, Gradle did not check that files could be written outside the unpack location. This issue could lead to important files being overwritten anywhere the Gradle process has write permissions. This flaw allows an attacker with control of an...
CVE-2023-35946
A flaw was found in Gradle that permits directory traversal in its evaluation of repository paths. This issue could allow a local attacker to overwrite a file in the dependency cache with malicious code. Mitigation Users unable to upgrade should use dependency verification to make this...
org.jenkins-ci.main:jenkins-test-harness-tools (=2.2), org.jenkins-ci.plugins:artifactory (>=2.12.0 <=2.12.1) +2 more potentially affected by CVE-2023-39152 via org.jenkins-ci.plugins:gradle (>=1.15 <=2.19.1244.v1f9866817fec)
org.jenkins-ci.plugins:gradle MAVEN version =1.15, =2.12.0, =0.8.0, =0.20.0 Source cves: CVE-2023-39152 Source advisory: OSV:GHSA-PVJF-4HFG-WR84...