864 matches found

Cvelist
added 2022/03/17 4:24 p.m. · 13 views

CVE-2022-25364

In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access. If this was not manually changed, a malicious actor with network access to the build cache could potentially populate it with manipulated entries that execute malicious code as par...

8.3 AI score · 0.00977 EPSS
Exploits 0 · References 2

AlpineLinux
added 2022/03/17 4:24 p.m. · 45 views

CVE-2022-25364

In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access. If this was not manually changed, a malicious actor with network access to the build cache could potentially populate it with manipulated entries that execute malicious code as par...

9.3 CVSS · 3.2 AI score · 0.00977 EPSS
Exploits 0 · References 2

CNNVD
added 2022/03/17 12:0 a.m. · 2 views

Gradle Security Vulnerability

Gradle is a JVM-based project build tool from the U.S. company Gradle; it supports Maven, Ivy repositories and so on. Gradle Enterprise prior to 2021.4.2 suffers from a security vulnerability that stems from the default built-in build cache configuration allowing anonymous write access. If this...

9.3 CVSS · 5.8 AI score · 0.00977 EPSS
Exploits 0 · References 2

Positive Technologies
added 2022/03/17 12:0 a.m. · 5 views

PT-2022-17242 · Gradle · Gradle Enterprise

Name of the Vulnerable Software and Affected Versions: Gradle Enterprise versions prior to 2021.4.2
Description: The default built-in build cache configuration in Gradle Enterprise allowed anonymous write access, potentially enabling a malicious actor with network access to populate the cache wit...

9.3 CVSS · 8.1 AI score · 0.00977 EPSS
Exploits 0 · References 4

ATTACKERKB
added 2022/03/16 1:15 a.m. · 0 views

CVE-2022-27225

Gradle Enterprise before 2021.4.3 relies on cleartext data transmission in some situations. It uses Keycloak for identity management services. During the sign-in process, Keycloak sets browser cookies that effectively provide remember-me functionality. For backwards compatibility with older Safar...

6.5 CVSS · 5.9 AI score · 0.00519 EPSS
Exploits 0 · References 2

OSV
added 2022/03/16 1:15 a.m. · 1 views

CVE-2022-27225

Gradle Enterprise before 2021.4.3 relies on cleartext data transmission in some situations. It uses Keycloak for identity management services. During the sign-in process, Keycloak sets browser cookies that effectively provide remember-me functionality. For backwards compatibility with older Safar...

6.5 CVSS · 5.8 AI score
Exploits 0 · References 1

NVD
added 2022/03/16 1:15 a.m. · 8 views

CVE-2022-27225

Gradle Enterprise before 2021.4.3 relies on cleartext data transmission in some situations. It uses Keycloak for identity management services. During the sign-in process, Keycloak sets browser cookies that effectively provide remember-me functionality. For backwards compatibility with older Safar...

6.5 CVSS · 0.00519 EPSS
Exploits 0 · References 1

CVE
added 2022/03/16 12:10 a.m. · 92 views

CVE-2022-27225

Gradle Enterprise before 2021.4.3 is affected by a session‑level vulnerability related to Keycloak cookies. During sign‑in, Keycloak sets cookies that effectively enable remember‑me functionality; for older Safari versions, a duplicate cookie is created without the Secure attribute. This allows t...

6.5 CVSS · 6.3 AI score · 0.00519 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2022/03/16 12:10 a.m. · 18 views

CVE-2022-27225

Gradle Enterprise before 2021.4.3 relies on cleartext data transmission in some situations. It uses Keycloak for identity management services. During the sign-in process, Keycloak sets browser cookies that effectively provide remember-me functionality. For backwards compatibility with older Safar...

6.5 AI score · 0.00519 EPSS
Exploits 0 · References 1

CNNVD
added 2022/03/15 12:0 a.m. · 2 views

Gradle Information Disclosure Vulnerability

Gradle is a set of JVM-based project building tools from Gradle, Inc. that supports Maven, Ivy repositories, and more. Gradle Enterprise suffers from a security vulnerability that stems from the fact that during the login process, Keycloak sets a browser cookie that effectively provides remember-...

6.5 CVSS · 6.5 AI score · 0.00519 EPSS
Exploits 0 · References 4

OSV
added 2022/02/26 12:0 a.m. · 32 views

GHSA-2QP4-G3Q3-F92W Improper Locking in JetBrains Kotlin

In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects...

5.3 CVSS · 6.2 AI score · 0.02196 EPSS
Exploits 0 · References 6

Github Security Blog
added 2022/02/26 12:0 a.m. · 32 views

Improper Locking in JetBrains Kotlin

In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects...

5.3 CVSS · 2.2 AI score · 0.02196 EPSS
Exploits 0 · References 6 · Affected Software 1

NVD
added 2022/02/25 3:15 p.m. · 21 views

CVE-2022-24329

In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects...

5.3 CVSS · 0.02196 EPSS
Exploits 0 · References 4

ATTACKERKB
added 2022/02/25 3:15 p.m. · 3 views

CVE-2022-24329

In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects...

5.3 CVSS · 6.7 AI score · 0.02196 EPSS
Exploits 0 · References 5

OSV
added 2022/02/25 3:15 p.m. · 5 views

CVE-2022-24329

In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects...

5.3 CVSS · 5.1 AI score
Exploits 0 · References 4

UbuntuCve
added 2022/02/25 3:15 p.m. · 50 views

CVE-2022-24329

In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects...

5.3 CVSS · 6.8 AI score · 0.02196 EPSS
Exploits 0 · References 2

Prion
added 2022/02/25 3:15 p.m. · 24 views

Code injection

In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects...

5 CVSS · 6.5 AI score · 0.02196 EPSS
Exploits 0 · References 4 · Affected Software 3

OSV
added 2022/02/25 3:15 p.m. · 0 views

UBUNTU-CVE-2022-24329

In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects...

5.3 CVSS · 6.8 AI score · 0.02196 EPSS
Exploits 0 · References 3

CVE
added 2022/02/25 2:35 p.m. · 411 views

CVE-2022-24329

CVE-2022-24329 affects JetBrains Kotlin prior to 1.6.0. The issue is that dependencies for Multiplatform Gradle Projects could not be locked, per the description. The connected documents do not provide details on exploit methods, affected products beyond Kotlin/Gradle Multiplatform usage, or quan...

5.3 CVSS · 5.4 AI score · 0.02196 EPSS
Exploits 0 · References 4 · Affected Software 1

Cvelist
added 2022/02/25 2:35 p.m. · 25 views

CVE-2022-24329

In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects...

7.4 AI score · 0.02196 EPSS
Exploits 0 · References 4