CVE-2023-30853 Gradle Build Action data written to GitHub Actions Cache may expose secrets
Gradle Build Action allows users to execute a Gradle Build in their GitHub Actions workflow. A vulnerability impacts GitHub workflows using the Gradle Build Action prior to version 2.4.2 that have executed the Gradle Build Tool with the configuration cache enabled, potentially exposing secrets...
CVE-2023-30853
CVE-2023-30853 describes an information disclosure in the Gradle Build Action for GitHub Actions when the configuration cache is enabled in versions prior to 2.4.2. Environment variables passed to Gradle can be persisted into GitHub Actions cache entries, which may be read by untrusted workflows ...
Gradle Information Disclosure Vulnerability
Gradle is a set of JVM-based project building tools from the US company Gradle, which supports Maven, Ivy repositories and more. An information disclosure vulnerability exists in Gradle versions prior to 2.4.2, which stems from the fact that data stored in the GitHub Actions cache can be read by...
PT-2023-23009 · Gradle +1 · Gradle Build Tool +1
Name of the Vulnerable Software and Affected Versions: Gradle Build Action versions prior to 2.4.2 Description: A vulnerability in the Gradle Build Action impacts GitHub workflows that have executed the Gradle Build Tool with the configuration cache enabled, potentially exposing secrets configure...
A Bootiful Podcast: Gradle Developer Advocate, Java Champion, and legend Trisha Gee
Hi, Spring fans! In this installment, Java Champion and legend Trisha Gee @trishagee rejoins the show to talk about Gradle, developer productivity, and so much more...
This Week in Spring - April 18th, 2023
Hi, Spring fans! Welcome to another installment of This Week in Spring! This week, I just returned from Western Europe for Devoxx FR Paris and Kotlin Conf Amsterdam. I went home, saw my family, did some laundry, and then turned right back around to head to Chicago, Illinois, for a special joint...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : gradle (SUSE-SU-2023:1867-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:1867-1 advisory. - In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with...
SUSE-SU-2023:1867-1 Security update for gradle
This update for gradle fixes the following issues: - CVE-2021-29428: Fixed a local privilege escalation through system temporary directory. bsc1184807...
A Bootiful Podcast: Sonatype's Steve Poole and Gradle's Justin Reock on Improving Developer Productivity without compromising on things like security
Hi, Spring fans! Welcome to another installment of a Bootiful Podcast! In this installment, recorded at Devnexus in Atlanta, GA, I talk to newcomer to the show Steve Poole, from Sonatype, and Justin Reock, from Gradle, about improving developer productivity without compromising on things like...
CVE-2022-48431
In JetBrains IntelliJ IDEA before 2023.1 in some cases, Gradle and Maven projects could be imported without the “Trust Project” confirmation...
Design/Logic Flaw
In JetBrains IntelliJ IDEA before 2023.1 in some cases, Gradle and Maven projects could be imported without the “Trust Project” confirmation...
CVE-2022-48431
JetBrains IntelliJ IDEA prior to 2023.1 is affected: importing Gradle and Maven projects could bypass the Trust Project confirmation, potentially allowing untrusted project data to be loaded. The issue is documented across multiple sources (NVD/Red Hat/NCSC) with consistent description. The practi...
PT-2023-15775 · Jetbrains · Intellij Idea
Name of the Vulnerable Software and Affected Versions: JetBrains IntelliJ IDEA versions prior to 2023.1 Description: The issue allows Gradle and Maven projects to be imported without the "Trust Project" confirmation in certain cases. Recommendations: For versions prior to 2023.1, update to versio...
JetBrains IntelliJ IDEA Data Forgery Vulnerability
JetBrains IntelliJ IDEA is a set of integrated development environments for the Java language from the Czech company JetBrains. A security vulnerability exists in JetBrains IntelliJ IDEA versions prior to 2023.1, which stems from the ability to import Gradle and Maven projects without confirming...
SUSE CVE-2023-26053
Gradle is a build tool with a focus on build automation and support for multi-language development. This is a collision attack on long IDs (64 bits) for PGP keys. Users of dependency verification in Gradle are vulnerable if they use long IDs for PGP keys in a trusted-key or pgp element in their...
CVE-2023-26053
A flaw was found in Gradle when verifying long IDs of 64 bits for PGP keys in the trusted key or PGP element. This flaw allows an attacker to mount a collision attack against the dependency verification. Mitigation: Using only full fingerprint IDs for the trusted key or pgp element in the metadata...
CVE-2023-26053
Gradle is a build tool with a focus on build automation and support for multi-language development. This is a collision attack on long IDs (64 bits) for PGP keys. Users of dependency verification in Gradle are vulnerable if they use long IDs for PGP keys in a trusted-key or pgp element in their...
Code injection
Gradle is a build tool with a focus on build automation and support for multi-language development. This is a collision attack on long IDs (64 bits) for PGP keys. Users of dependency verification in Gradle are vulnerable if they use long IDs for PGP keys in a trusted-key or pgp element in their...