
864 matches found

RedHat Linux
added 2021/11/23 10:34 a.m. | 0 views

gradle: information disclosure through temporary directory permissions

In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. Some builds could be vulnerable to a local information disclosure. Remote files accessed through TextResourceFactory are downloaded...

CVSS 5.5 | AI score 5.9 | EPSS 0.00484
Exploits: 1 | References: 4

RedHat Linux
added 2021/11/23 10:34 a.m. | 75 views

Moderate: Red Hat Security Advisory: Red Hat Integration Camel Extensions for Quarkus GA security update

Red Hat Integration Camel Extensions for Quarkus 2.2 is now GA. The purpose of this text-only errata is to inform you about the security issues fixed since the tech preview 2 release. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability...

CVSS 9.9 | AI score 7.6 | EPSS 0.9851
Exploits: 54 | References: 50

CNVD
added 2021/10/31 12:0 a.m. | 12 views

Gradle Remote Code Execution Vulnerability

Gradle is a JVM-based project build tool from the U.S. company Gradle; it supports Maven, Ivy repositories and so on. A remote code execution vulnerability exists in Gradle Enterprise prior to 2021.1.2, which stems from the installation configuration user interface available to administrators...

CVSS 9 | AI score 7.3 | EPSS 0.02635
Exploits: 0 | References: 1

OSV
added 2021/10/27 2:15 p.m. | 2 views

CVE-2021-41619

An issue was discovered in Gradle Enterprise before 2021.1.2. There is potential remote code execution via the application startup configuration. The installation configuration user interface available to administrators allows specifying arbitrary Java Virtual Machine startup options. Some of the...

CVSS 7.2 | AI score 6.4 | EPSS 0.02635
Exploits: 0 | References: 2

OSV
added 2021/10/27 2:15 p.m. | 2 views

CVE-2021-41589

In Gradle Enterprise before 2021.3 and Enterprise Build Cache Node before 10.0, there is potential cache poisoning and remote code execution when running the build cache node with its default configuration. This configuration allows anonymous access to the configuration user interface and anonymo...

CVSS 9.8 | AI score 7.9 | EPSS 0.02308
Exploits: 0 | References: 2

OSV
added 2021/10/27 2:15 p.m. | 1 views

CVE-2021-41590

In Gradle Enterprise through 2021.3, probing of the server-side network environment can occur via an SMTP configuration test. The installation configuration user interface available to administrators allows testing the configured SMTP server settings. This test function can be used to identify th...

CVSS 5.3 | AI score 5.8 | EPSS 0.00775
Exploits: 0 | References: 2

NVD
added 2021/10/27 2:15 p.m. | 10 views

CVE-2021-41590

In Gradle Enterprise through 2021.3, probing of the server-side network environment can occur via an SMTP configuration test. The installation configuration user interface available to administrators allows testing the configured SMTP server settings. This test function can be used to identify th...

CVSS 5.3 | EPSS 0.00775
Exploits: 0 | References: 2

NVD
added 2021/10/27 2:15 p.m. | 13 views

CVE-2021-41619

An issue was discovered in Gradle Enterprise before 2021.1.2. There is potential remote code execution via the application startup configuration. The installation configuration user interface available to administrators allows specifying arbitrary Java Virtual Machine startup options. Some of the...

CVSS 9 | EPSS 0.02635
Exploits: 0 | References: 2

NVD
added 2021/10/27 2:15 p.m. | 21 views

CVE-2021-41589

In Gradle Enterprise before 2021.3 and Enterprise Build Cache Node before 10.0, there is potential cache poisoning and remote code execution when running the build cache node with its default configuration. This configuration allows anonymous access to the configuration user interface and anonymo...

CVSS 9.8 | EPSS 0.02308
Exploits: 0 | References: 2

Prion
added 2021/10/27 2:15 p.m. | 16 views

Default configuration

In Gradle Enterprise before 2021.3 and Enterprise Build Cache Node before 10.0, there is potential cache poisoning and remote code execution when running the build cache node with its default configuration. This configuration allows anonymous access to the configuration user interface and anonymo...

CVSS 7.5 | AI score 9.6 | EPSS 0.02308
Exploits: 0 | References: 2 | Affected Software: 2

Prion
added 2021/10/27 2:15 p.m. | 18 views

Design/Logic Flaw

In Gradle Enterprise through 2021.3, probing of the server-side network environment can occur via an SMTP configuration test. The installation configuration user interface available to administrators allows testing the configured SMTP server settings. This test function can be used to identify th...

CVSS 5 | AI score 5.2 | EPSS 0.00775
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2021/10/27 2:15 p.m. | 23 views

Remote code execution

An issue was discovered in Gradle Enterprise before 2021.1.2. There is potential remote code execution via the application startup configuration. The installation configuration user interface available to administrators allows specifying arbitrary Java Virtual Machine startup options. Some of the...

CVSS 9 | AI score 7.6 | EPSS 0.02635
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2021/10/27 1:31 p.m. | 49 views

CVE-2021-41589

Affected software: Gradle Enterprise prior to 2021.3 and Enterprise Build Cache Node prior to 10.0. Vulnerability: Default configuration allows anonymous access to the configuration UI and anonymous write access to the build cache, enabling cache poisoning that may execute malicious code in a bui...

CVSS 9.8 | AI score 9.6 | EPSS 0.02308
Exploits: 0 | References: 2 | Affected Software: 2

Cvelist
added 2021/10/27 1:31 p.m. | 22 views

CVE-2021-41589

In Gradle Enterprise before 2021.3 and Enterprise Build Cache Node before 10.0, there is potential cache poisoning and remote code execution when running the build cache node with its default configuration. This configuration allows anonymous access to the configuration user interface and anonymo...

AI score 9.9 | EPSS 0.02308
Exploits: 0 | References: 2

CVE
added 2021/10/27 1:24 p.m. | 49 views

CVE-2021-41619

The CVE affects Gradle Enterprise prior to 2021.1.2. The installation configuration UI allows administrators to specify arbitrary JVM startup options (e.g., -XX:OnOutOfMemoryError), which can be abused to execute commands on the host if an attacker gains admin access. Documented impact is potenti...

CVSS 9 | AI score 7.6 | EPSS 0.02635
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2021/10/27 1:24 p.m. | 12 views

CVE-2021-41619

An issue was discovered in Gradle Enterprise before 2021.1.2. There is potential remote code execution via the application startup configuration. The installation configuration user interface available to administrators allows specifying arbitrary Java Virtual Machine startup options. Some of the...

AI score 7.9 | EPSS 0.02635
Exploits: 0 | References: 2

CVE
added 2021/10/27 1:20 p.m. | 40 views

CVE-2021-41590

CVE-2021-41590 affects Gradle Enterprise up to version 2021.3. The issue arises from the SMTP configuration test exposed in the installation UI, which can be used to probe the server’s network environment by identifying listening TCP ports. This yields information about internal network topology,...

CVSS 5.3 | AI score 5.2 | EPSS 0.00775
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2021/10/27 1:20 p.m. | 15 views

CVE-2021-41590

In Gradle Enterprise through 2021.3, probing of the server-side network environment can occur via an SMTP configuration test. The installation configuration user interface available to administrators allows testing the configured SMTP server settings. This test function can be used to identify th...

AI score 5.5 | EPSS 0.00775
Exploits: 0 | References: 2

CNNVD
added 2021/10/27 12:0 a.m. | 3 views

Gradle Code Injection Vulnerability

Gradle is a JVM-based project build tool from the U.S. company Gradle; it supports Maven, Ivy repositories and so on. A remote code execution vulnerability exists in Gradle Enterprise prior to 2021.1.2, which stems from the installation configuration user interface available to administrators...

CVSS 9 | AI score 6.7 | EPSS 0.02635
Exploits: 0 | References: 1

CNNVD
added 2021/10/27 12:0 a.m. | 3 views

Gradle Security Vulnerability

Gradle is a set of JVM-based project building tools from the US company Gradle, which supports Maven, Ivy repositories and more. A security vulnerability exists in Gradle Enterprise that stems from an SMTP configuration test that can be used to probe the server-side network environment in Gradle...

CVSS 5.3 | AI score 5.8 | EPSS 0.00775
Exploits: 0 | References: 1