864 matches found
Gradle Security Vulnerability
Gradle is a set of JVM-based project build tools from Gradle, Inc. that supports Maven, Ivy repositories, and more. A security vulnerability exists in Gradle Enterprise that stems from potential cache poisoning and remote code execution in Gradle Enterprise prior to 2021.3 and Enterprise Build...
Remote Code Execution (RCE)
Gradle is vulnerable to remote code execution. Start scripts generated by the application plugin and the gradlew script are both vulnerable to arbitrary code execution when an attacker is able to change environment variables for the user running the script. This may impact those who use gradlew o...
Gradle Enterprise deserialization vulnerability
Gradle Enterprise improves developer productivity by accelerating builds, improving build reliability, and speeding up build debugging. A deserialization vulnerability exists in versions of Gradle Enterprise prior to 2021.1.3. An attacker could exploit this vulnerability to achieve remote code...
Gradle Enterprise server-side request forgery vulnerability
Gradle Enterprise improves developer productivity by accelerating builds, improving build reliability, and speeding up build debugging. A server-side request forgery vulnerability exists in versions of Gradle Enterprise prior to 2021.1.3. An attacker could use this vulnerability to discover...
Gradle Enterprise Server-Side Request Forgery Vulnerability (CNVD-2021-89947)
Gradle Enterprise improves developer productivity by accelerating builds, improving build reliability, and speeding up build debugging. A server-side request forgery vulnerability exists in versions of Gradle Enterprise prior to 2021.1.3. An attacker could use this vulnerability to reset system us...
Gradle Enterprise Information Disclosure Vulnerability (CNVD-2021-89946)
Gradle Enterprise can improve developer productivity by accelerating builds, improving build reliability, and speeding up build debugging. An attacker could exploit this vulnerability to obtain potentially sensitive build/configuration details via a specially crafted HTTP request with the...
CVE-2021-41586
In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially reset the system user password...
CVE-2021-41588
In Gradle Enterprise before 2021.1.3, a crafted request can trigger deserialization of arbitrary unsafe Java objects. The attacker must have the encryption and signing keys...
CVE-2021-41587
In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially discover credentials for other resources...
CVE-2021-41588
In Gradle Enterprise before 2021.1.3, a crafted request can trigger deserialization of arbitrary unsafe Java objects. The attacker must have the encryption and signing keys...
CVE-2021-41587
In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially discover credentials for other resources...
CVE-2021-41586
In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially reset the system user password...
Server-side request forgery (SSRF)
In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially reset the system user password...
Server-side request forgery (SSRF)
In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially discover credentials for other resources...
CVE-2021-41586
The CVE-2021-41586 issue affects Gradle Enterprise versions prior to 2021.1.3. The root cause is a Server-Side Request Forgery (SSRF) vulnerability that can allow an attacker to reset the system user password, per multiple sources (including Red Hat and CVE discussions). The impact described is f...
CVE-2021-41586
In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially reset the system user password...
CVE-2021-41587
In Gradle Enterprise prior to 2021.1.3, a Server-Side Request Forgery (SSRF) vulnerability could enable an attacker to discover credentials for other resources. The affected component is Gradle Enterprise server-side code handling SSRF. Consequences include potential credential exposure if SSRF is ex...
CVE-2021-41587
In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially discover credentials for other resources...
CVE-2021-41588
In Gradle Enterprise before 2021.1.3, a crafted request can trigger deserialization of arbitrary unsafe Java objects. The attacker must have the encryption and signing keys...
CVE-2021-41588
CVE-2021-41588 affects Gradle Enterprise before 2021.1.3. A crafted HTTP request can trigger deserialization of arbitrary unsafe Java objects, with exploitation requiring access to the encryption and signing keys. Several sources indicate the issue may enable remote code execution and impacts pri...