
864 matches found

CVE
added 2022/10/21 12:00 a.m. | 68 views

CVE-2022-41575

CVE-2022-41575 affects Gradle Enterprise 2022.3–2022.3.3, with the vulnerability in the support-bundle mechanism allowing remote attackers to access a subset of application data, including cleartext credentials. The issue is mitigated by upgrading to version 2022.3.3 or later (fix confirmed in th...

7.5 CVSS | 7.1 AI score | 0.00724 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2022/10/21 12:00 a.m. | 22 views

CVE-2022-41575

A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3 through 2022.3.3 allows remote attackers to access a subset of application data e.g., cleartext credentials. This is fixed in 2022.3.3...

7.4 AI score | 0.00724 EPSS
Exploits: 0 | References: 2

ATTACKERKB
added 2022/10/07 9:15 p.m. | 6 views

CVE-2022-41574

An access-control vulnerability in Gradle Enterprise 2022.4 through 2022.3.1 allows remote attackers to prevent backups from occurring, and send emails with arbitrary text content to the configured installation-administrator contact address, via HTTP access to an accidentally exposed internal...

7.5 CVSS | 7.3 AI score | 0.00628 EPSS
Exploits: 0 | References: 3

OSV
added 2022/10/07 9:15 p.m. | 1 views

CVE-2022-41574

An access-control vulnerability in Gradle Enterprise 2022.4 through 2022.3.1 allows remote attackers to prevent backups from occurring, and send emails with arbitrary text content to the configured installation-administrator contact address, via HTTP access to an accidentally exposed internal...

7.5 CVSS | 5.9 AI score | 0.00628 EPSS
Exploits: 0 | References: 2

NVD
added 2022/10/07 9:15 p.m. | 19 views

CVE-2022-41574

An access-control vulnerability in Gradle Enterprise 2022.4 through 2022.3.1 allows remote attackers to prevent backups from occurring, and send emails with arbitrary text content to the configured installation-administrator contact address, via HTTP access to an accidentally exposed internal...

7.5 CVSS | 0.00628 EPSS
Exploits: 0 | References: 2

Prion
added 2022/10/07 9:15 p.m. | 18 views

Improper access control

An access-control vulnerability in Gradle Enterprise 2022.4 through 2022.3.1 allows remote attackers to prevent backups from occurring, and send emails with arbitrary text content to the configured installation-administrator contact address, via HTTP access to an accidentally exposed internal...

5 CVSS | 7.5 AI score | 0.00628 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
added 2022/10/07 12:00 a.m. | 3 views

Gradle security vulnerability

Gradle is a suite of JVM-based project build tools from Gradle, Inc. that supports Maven, Ivy repositories, and more. A security vulnerability exists in Gradle Enterprise versions 2022.3.1 through 2022.4, which stems from a vulnerability that allows remote attackers to prevent backups from...

7.5 CVSS | 7.5 AI score | 0.00628 EPSS
Exploits: 0 | References: 2

CVE
added 2022/10/07 12:00 a.m. | 41 views

CVE-2022-41574

CVE-2022-41574 affects Gradle Enterprise 2022.4–2022.3.1, where an access-control flaw allows remote attackers to prevent backups and send emails with arbitrary content via an exposed internal HTTP endpoint. The issue is fixed in 2022.3.2; upgrading to that version is the stated remediation. Expl...

7.5 CVSS | 7.5 AI score | 0.00628 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2022/10/07 12:00 a.m. | 18 views

CVE-2022-41574

An access-control vulnerability in Gradle Enterprise 2022.4 through 2022.3.1 allows remote attackers to prevent backups from occurring, and send emails with arbitrary text content to the configured installation-administrator contact address, via HTTP access to an accidentally exposed internal...

7.7 AI score | 0.00628 EPSS
Exploits: 0 | References: 2

vulnersOsv
added 2022/09/29 1:34 p.m. | 4 views

@bifravst/package-layered-lambdas (>=3.11.9 <=4.1.10), @candrewsintegralblue/snyk (=0.0.4) +11 more potentially affected by CVE-2022-22984 +1 more via snyk-gradle-plugin (>=3.10.0 <=3.24.2)

snyk-gradle-plugin NPM version =3.10.0, =3.11.9, =0.5.8, =3.2.4, =5.0.0, =3.0.3-beta.1, =1.1.0, =1.2.1, =1.0.0-dev-0b3764c8bef4a5676c834063c335bfe110a00c0b, =1.39.2, =1.43.0 Source cves: CVE-2022-22984, CVE-2022-40764 Source advisory: SNYK:JS-SNYKGRADLEPLUGIN-3038624...

7.8 CVSS | 6.7 AI score | 0.03007 EPSS
Exploits: 2

Snyk
added 2022/09/29 1:34 p.m. | 1 views

Command Injection

Overview: snyk-gradle-plugin is a plugin for the Snyk CLI tool, providing dependency metadata for Gradle projects. Affected versions of this package are vulnerable to Command Injection due to an incomplete fix for CVE-2022-40764. A successful exploit allows attackers to run arbitrary commands on t...

7.8 CVSS | 7.8 AI score | 0.03007 EPSS
Exploits: 2 | References: 2

Snyk
added 2022/09/29 1:34 p.m. | 3 views

Code Injection

Overview: snyk is an advanced tool that scans and monitors projects for security vulnerabilities. Affected versions of this package are vulnerable to Code Injection when analyzing a project. An attacker who can convince a user to scan a malicious project can include commands in a build file such a...

8.8 CVSS | 7 AI score | 0.00718 EPSS
Exploits: 2 | References: 2

Spring Engineering
added 2022/09/26 11:33 a.m. | 35 views

Native Support in Spring Boot 3.0.0-M5

The Spring Team has been working on native image support for Spring Applications for quite some time. After 3+ years of incubation in the Spring Native experimental project with Spring Boot 2, native support is moving to General Availability with Spring Framework 6 and Spring Boot 3! Native image...

7 AI score
Exploits: 0

vulnersOsv
added 2022/09/12 12:00 a.m. | 3 views

com.diffplug.atplug:atplug-plugin-gradle (>=0.1.0 <=0.1.1), com.diffplug.atplug:com.diffplug.atplug.gradle.plugin (>=0.1.0 <=0.1.1) +50 more potentially affected by CVE-2022-26049 via com.diffplug.gradle:goomph (>=2.0.0 <=3.37.1)

com.diffplug.gradle:goomph MAVEN version =2.0.0, =0.1.0, =0.1.0, =3.32.0, =3.21.0, =3.21.0, =3.21.0, =3.21.0, =3.21.0, =3.21.0, =2.0.0, =3.16.0, =3.18.0 - com.diffplug.gradle.eclipse.excludebuildfolder:com.diffplug.gradle.eclipse.excludebuildfolder.gradle.plugin...

8.8 CVSS | 7.2 AI score | 0.01734 EPSS
Exploits: 1

OSV
added 2022/09/12 12:00 a.m. | 0 views

GHSA-P2F7-9CV7-JJF6 Goomph before 3.37.2 allows malicious zip file to write contents to arbitrary locations

This affects the package com.diffplug.gradle:goomph before 3.37.2. It allows a malicious zip file to potentially break out of the expected destination directory, writing contents into arbitrary locations on the file system. Overwriting certain files/directories could allow an attacker to achieve...

8.8 CVSS | 7.8 AI score | 0.01734 EPSS
Exploits: 1 | References: 4

Citrix
added 2022/08/31 12:00 a.m. | 5 views

Unable to use managed-app-utility.jar from MAM-SDK with Java 11

Building a custom app using Java 11 or later, the gradle build chain fails when invoking the final stage "task generateMdx" as the jar file for this stage requires Java 1.7/1.8 Java/JDK 8...

7.2 AI score
Exploits: 0

Spring Engineering
added 2022/08/16 7:00 a.m. | 36 views

This Week in Spring - August 16th, 2022

Hi, Spring fans! Welcome to another wonder-filled installment of This Week in Spring! It's been a week! Sometimes I can scarcely believe it myself. And can you believe it's August 16th already?? My daughter's starting school this week! We're in the northern hemisphere, and Summer break is already ove...

7.7 AI score
Exploits: 0

vulnersOsv
added 2022/08/03 2:00 p.m. | 3 views

au.net.causal.maven.plugins:boxdb-maven-plugin (=3.2), co.elastic.docker-base:co.elastic.docker-base.gradle.plugin (>=0.0.1 <=0.0.5) +78 more potentially affected by CVE-2022-25914 via com.google.cloud.tools:jib-core (>=0.10.0 <=0.21.0)

com.google.cloud.tools:jib-core MAVEN version =0.10.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.1.0, =1.0, =0.4.0, =0.34.0, =4.3.0, =4.3.0, =4.3.0, =4.3.0, =4.3.0, =4.3.0, =4.4.2 and more Source cves: CVE-2022-25914 Source advisory: SNYK:JAVA-COMGOOGLECLOUDTOOLS-2968871...

9.8 CVSS | 7.2 AI score | 0.01241 EPSS
Exploits: 0

NVD
added 2022/07/14 8:15 p.m. | 12 views

CVE-2022-31156

Gradle is a build tool. Dependency verification is a security feature in Gradle Build Tool that was introduced to allow validation of external dependencies either through their checksum or cryptographic signatures. In versions 6.2 through 7.4.2, there are some cases in which Gradle may skip that...

6.6 CVSS | 0.00454 EPSS
Exploits: 0 | References: 2

UbuntuCve
added 2022/07/14 8:15 p.m. | 18 views

CVE-2022-31156

Gradle is a build tool. Dependency verification is a security feature in Gradle Build Tool that was introduced to allow validation of external dependencies either through their checksum or cryptographic signatures. In versions 6.2 through 7.4.2, there are some cases in which Gradle may skip that...

6.6 CVSS | 5.9 AI score | 0.00454 EPSS
Exploits: 0 | References: 3