864 matches found
Design/Logic Flaw
In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. Repository content filtering is a security control Gradle introduced to help users specify what repositories are used to resolve specific dependencies...
Directory traversal
In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreatin...
UBUNTU-CVE-2021-29428
In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreatin...
CVE-2021-29427
In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. Repository content filtering is a security control Gradle introduced to help users specify what repositories are used to resolve specific dependencies...
CVE-2021-29427 Repository content filters do not work in Settings pluginManagement
In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. Repository content filtering is a security control Gradle introduced to help users specify what repositories are used to resolve specific dependencies...
CVE-2021-29427
CVE-2021-29427 affects Gradle when using repository content filtering inside a settings file, specifically within a pluginManagement block. Versions 5.1 up to before 7.0 may ignore content filters and search all repositories, potentially allowing information disclosure (external repository hints)...
CVE-2021-29428
In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreatin...
CVE-2021-29428 Local privilege escalation through system temporary directory
In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreatin...
CVE-2021-29428
CVE-2021-29428 affects Gradle before 7.0 on Unix-like systems. The system temporary directory could be created with open permissions, allowing multiple users to create and delete files, enabling local privilege escalation through rapid deletion/recreation of files during a build. Impacted scenari...
Gradle 安全漏洞
Gradle is a set of JVM-based project building tools from Gradle, Inc. that supports maven, Ivy repositories, and more. A security vulnerability exists in Gradle version 5.1 and prior to version 7.0, which could lead to information disclosure and/or dependency poisoning...
Gradle 安全漏洞
Gradle is a set of JVM-based project building tools from Gradle, Inc. that supports maven, Ivy repositories, and more. A security vulnerability exists in Gradle versions prior to 7.0 that allows multiple users to create system temporary directories by creating and deleting open permissions to fil...
PT-2021-18203 · Gradle · Gradle
Name of the Vulnerable Software and Affected Versions: Gradle versions 5.1 through 6.x Description: The issue can lead to information disclosure and/or dependency poisoning due to Gradle ignoring content filters and searching all repositories for dependencies when repository content filtering is...
PT-2021-18204 · Gradle +2 · Gradle +2
Name of the Vulnerable Software and Affected Versions: Gradle versions prior to 7.0 Description: The issue affects Gradle builds on Unix-like systems, where the system temporary directory can be created with open permissions, allowing multiple users to create and delete files within it. This can...
CVE-2021-29429
In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. Some builds could be vulnerable to a local information disclosure. Remote files accessed through TextResourceFactory are downloaded...
DEBIAN-CVE-2021-29429
In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. Some builds could be vulnerable to a local information disclosure. Remote files accessed through TextResourceFactory are downloaded...
CVE-2021-29429
In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. Some builds could be vulnerable to a local information disclosure. Remote files accessed through TextResourceFactory are downloaded...
CVE-2021-29429
In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. Some builds could be vulnerable to a local information disclosure. Remote files accessed through TextResourceFactory are downloaded...
CVE-2021-29429
In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. Some builds could be vulnerable to a local information disclosure. Remote files accessed through TextResourceFactory are downloaded...
Information disclosure
In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. Some builds could be vulnerable to a local information disclosure. Remote files accessed through TextResourceFactory are downloaded...
CVE-2021-29429 Information disclosure through temporary directory permissions
In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. Some builds could be vulnerable to a local information disclosure. Remote files accessed through TextResourceFactory are downloaded...