864 matches found
CVE-2021-29429
In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. Some builds could be vulnerable to a local information disclosure. Remote files accessed through TextResourceFactory are downloaded...
CVE-2021-29429
CVE-2021-29429 affects Gradle before version 7.0, where files created with open permissions in the system temporary directory during downloads via TextResourceFactory can leak information to other local users. The issue causes local information disclosure in some builds. From Gradle 7.0 onward, s...
Gradle Security Vulnerability
Gradle is a JVM-based build tool from the American company Gradle that supports Maven and Ivy repositories, among others. Gradle versions before 7.0 contain a security vulnerability that stems from open permissions in the system's temporary directory; an attacker...
PT-2021-18205 · Gradle +2
Name of the Vulnerable Software and Affected Versions: Gradle versions prior to 7.0. Description: The issue allows an attacker to access information downloaded by Gradle due to files created with open permissions in the system temporary directory. This can lead to a local information disclosure,...
GHSA-5MG8-W23W-74H3 vulnerabilities
Vulnerabilities for packages: debezium-connector-spanner, gradle, hadoop-client-modules, celeborn, cassandra-reaper, maven-stage0, spdx-tools-java...
GHSA-5MG8-W23W-74H3 vulnerabilities
Vulnerabilities for packages: debezium-connector-spanner, gradle, celeborn, spdx-tools-java, maven-stage0, cassandra-reaper...
USN-4858-1: Gradle vulnerabilities
It was discovered that Gradle used an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins were used. A remote unauthenticated attacker could possibly use this issue to perform a machine-in-the-middle attack. (CVE-2019-11065) It was discovered that...
USN-4858-1 gradle vulnerabilities
It was discovered that Gradle used an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins were used. A remote unauthenticated attacker could possibly use this issue to perform a machine-in-the-middle attack. (CVE-2019-11065) It was discovered that...
Information Disclosure
gradle-vagrant-plugin is vulnerable to information disclosure. The vulnerability exists as the values of environment variables are logged when environmentVariables are set, and when printCommandLineArgs in GDKExternalProcessExecutor.groovy is executed...
CVE-2021-21361
The com.bmuschko:gradle-vagrant-plugin Gradle plugin contains an information disclosure vulnerability due to the logging of the system environment variables. When this Gradle plugin is executed in public CI/CD, this can lead to sensitive credentials being exposed to malicious actors. This is fixe...
CVE-2021-21361
The com.bmuschko:gradle-vagrant-plugin Gradle plugin contains an information disclosure vulnerability due to the logging of the system environment variables. When this Gradle plugin is executed in public CI/CD, this can lead to sensitive credentials being exposed to malicious actors. This is fixe...
Information disclosure
The com.bmuschko:gradle-vagrant-plugin Gradle plugin contains an information disclosure vulnerability due to the logging of the system environment variables. When this Gradle plugin is executed in public CI/CD, this can lead to sensitive credentials being exposed to malicious actors. This is fixe...
CVE-2021-21361 Sensitive information disclosure via log in com.bmuschko:gradle-vagrant-plugin
The com.bmuschko:gradle-vagrant-plugin Gradle plugin contains an information disclosure vulnerability due to the logging of the system environment variables. When this Gradle plugin is executed in public CI/CD, this can lead to sensitive credentials being exposed to malicious actors. This is fixe...
CVE-2021-21361
The CVE-2021-21361 entry concerns the Gradle plugin com.bmuschko:gradle-vagrant-plugin, which exposes an information disclosure vulnerability by logging system environment variables when the plugin runs in public CI/CD environments. Affected component: the GDKExternalProcessExecutor.groovy flow a...
com.bmuschko.vagrant-base:com.bmuschko.vagrant-base.gradle.plugin (>=2.0 <=2.2.1), com.bmuschko.vagrant:com.bmuschko.vagrant.gradle.plugin (>=2.0 <=2.2.1) potentially affected by CVE-2021-21361 via com.bmuschko:gradle-vagrant-plugin (>=2.0 <=2.2.1)
com.bmuschko:gradle-vagrant-plugin MAVEN version =2.0, =2.0, =2.0, =2.2.1 Source cves: CVE-2021-21361 Source advisory: OSV:GHSA-JPCM-4485-69P7...
Sensitive information disclosure via log in com.bmuschko:gradle-vagrant-plugin
Impact: The com.bmuschko:gradle-vagrant-plugin Gradle plugin contains an information disclosure vulnerability due to the logging of the system environment variables. When this Gradle plugin is executed in public CI/CD, this can lead to sensitive credentials being exposed to malicious actors. Patch...
GHSA-JPCM-4485-69P7 Sensitive information disclosure via log in com.bmuschko:gradle-vagrant-plugin
Impact: The com.bmuschko:gradle-vagrant-plugin Gradle plugin contains an information disclosure vulnerability due to the logging of the system environment variables. When this Gradle plugin is executed in public CI/CD, this can lead to sensitive credentials being exposed to malicious actors. Patch...
Gradle Log Information Disclosure Vulnerability
Gradle is a JVM-based build tool from Gradle, Inc. that supports Maven and Ivy repositories, among others. A log information disclosure vulnerability exists in the Gradle plugin com.bmuschko:gradle-vagrant-plugin. When this Gradle plugin is executed in public CI/CD, it results in the...
CVE-2021-26719
A directory traversal issue was discovered in Gradle gradle-enterprise-test-distribution-agent before 1.3.2, test-distribution-gradle-plugin before 1.3.2, and gradle-enterprise-maven-extension before 1.8.2. A malicious actor with certain credentials can perform a registration step such that craft...
CVE-2021-26719
A directory traversal issue was discovered in Gradle gradle-enterprise-test-distribution-agent before 1.3.2, test-distribution-gradle-plugin before 1.3.2, and gradle-enterprise-maven-extension before 1.8.2. A malicious actor with certain credentials can perform a registration step such that craft...