864 matches found
CVE-2021-26719
A directory traversal issue was discovered in Gradle gradle-enterprise-test-distribution-agent before 1.3.2, test-distribution-gradle-plugin before 1.3.2, and gradle-enterprise-maven-extension before 1.8.2. A malicious actor with certain credentials can perform a registration step such that craft...
Directory traversal
A directory traversal issue was discovered in Gradle gradle-enterprise-test-distribution-agent before 1.3.2, test-distribution-gradle-plugin before 1.3.2, and gradle-enterprise-maven-extension before 1.8.2. A malicious actor with certain credentials can perform a registration step such that craft...
CVE-2021-26719
CVE-2021-26719 describes a directory traversal in Gradle-related components: gradle-enterprise-test-distribution-agent before 1.3.2, test-distribution-gradle-plugin before 1.3.2, and gradle-enterprise-maven-extension before 1.8.2. A malicious actor with certain credentials can perform a registrat...
Gradle path traversal vulnerability
Gradle is a set of JVM-based project build tools from the U.S. company Gradle, which supports Maven, Ivy repositories and more. Multiple Gradle code repositories are vulnerable to a path traversal vulnerability that uses a carefully constructed tarball to extract to an arbitrary filesystem...
Android Studio Privilege Escalation
Video and POC here: https://www.youtube.com/watch?v=hAPkSGxh9H0 When you open a project in Android Studio, if gradle-wrapper.properties sets distributionUrl=https://services.gradle.org/distributions/gradle-2.6-all.zip, then Android Studio will download and extract gradle-2.6-all.zip, jar file i...
Security Bulletin: IBP javaenv and dind images
Summary: Versions of IBP images javaenv and dind before 2.5.1 included a version of Gradle that depended upon vulnerable Apache libraries. Gradle is a build system, intended to aid in building chaincode, though not required for building chaincode. Vulnerability Details: CVEID: CVE-2020-1953...
Security Bulletin: Gradle version in IBP javaenv and dind images depends on vulnerable Apache Ant
Summary: Versions of IBP images javaenv and dind before 2.5.1 release on 12082020 included a version of Gradle that depended upon vulnerable Apache libraries. Gradle is a build system, intended to aid in building chaincode, though not required for building chaincode. Vulnerability Details: CVEID:...
CVE-2020-8908 vulnerabilities
Vulnerabilities for packages: debezium-connector-spanner, gradle, hadoop-client-modules, celeborn, cassandra-reaper, maven-stage0, spdx-tools-java...
app.ariadust.dendrobium:app.ariadust.dendrobium.gradle.plugin (>=1.0.0 <=1.0.4), aspectj.AspectjGradlePlugin:aspectj.AspectjGradlePlugin.gradle.plugin (>=0.0.2 <=0.0.3) +3232 more potentially affected by CVE-2020-17521 via org.codehaus.groovy:groovy-all (>=2.0.0 <=2.4.20)
org.codehaus.groovy:groovy-all MAVEN version =2.0.0, =1.0.0, =0.0.2, =0.2.DEV, =0.2.DEV, =2.1.10, =2.0.0, =2.0.0, =3.5.4-rc.0, =3.5.9, =3.5.9, =3.5.15, =3.5.15, =3.6.0-rc.1 - au.com.dius:pact-jvm-consumer-junit2.10 =2.4.20 and more Source cves: CVE-2020-17521 Source advisory: OSV:GHSA-RCJJ-H6GH-J...
Security Bulletin: Upgrade javaenv:2.2 to address Gradle OAuth authentication concerns.
Summary: The version of Gradle shipped in the Fabric Java chaincode environment image version 2.2. javaenv.2.2 depends on a vulnerable version of the Google OAuth client. Vulnerability Details: CVEID: CVE-2020-7692 DESCRIPTION: Google APIs google-oauth-java-client could allow a remote attacker to...
Gradle Enterprise Cross-Site Request Forgery Vulnerability (CNVD-2020-54143)
Gradle is a set of JVM-based project build tools; it supports Maven, Ivy repositories and so on. A cross-site request forgery vulnerability exists in Gradle Enterprise version 2018.2 and Build Cache Node version 4.1. The vulnerability stems from a web application that does not adequately validate...
Gradle Enterprise Export API Authentication Vulnerability
Gradle is a set of JVM-based project build tools; it supports Maven, Ivy repositories and so on. A security vulnerability exists in Gradle Enterprise prior to version 2020.2.4. The vulnerability stemmed from an unrestricted cross-domain request for read-only data in the Export API. An attacker...
Gradle Enterprise Cross-Site Request Forgery Vulnerability (CNVD-2020-53288)
Gradle is a set of JVM-based project build tools; it supports Maven, Ivy repositories and so on. A cross-site request forgery vulnerability exists in Gradle Enterprise prior to version 2020.2.5. The vulnerability stems from a web application that does not adequately validate that a request is comi...
Gradle Enterprise Cross-Site Scripting Vulnerability (CNVD-2020-53324)
Gradle is a set of JVM-based project build tools; it supports Maven, Ivy repositories and so on. A cross-site scripting vulnerability exists in Gradle Enterprise. The vulnerability stems from the ability to obtain authentication via the /info/headers, /cache-info/headers, /admin-info/headers,...
Gradle Enterprise Brute Force Password Guessing Vulnerability
Gradle is a set of JVM-based project build tools; it supports Maven, Ivy repositories and so on. A brute force password guessing vulnerability exists in Gradle Enterprise 2018.5. The vulnerability stems from not locking after too many failed login attempts. An attacker can use this vulnerability t...
Gradle Enterprise Code Issue Vulnerability
Gradle is a set of JVM-based project build tools; it supports Maven, Ivy repositories and so on. A security vulnerability exists in Gradle Enterprise versions 2018.5 through 2020.2.4. The vulnerability stems from a SAML IDP configuration via upload that has XXE with a generated SSRF. No detailed...
Gradle Enterprise Cross-Site Request Forgery Vulnerability
Gradle is a set of JVM-based project build tools; it supports Maven, Ivy repositories and so on. A cross-site request forgery vulnerability exists in Gradle Enterprise versions 2018.2 through 2020.2.4. The vulnerability stems from a web application that does not adequately validate that a request ...
Gradle Enterprise Information Disclosure Vulnerability
Gradle Enterprise improves developer productivity by speeding up builds, improving build reliability, and accelerating build debugging. An information disclosure vulnerability exists in Gradle Enterprise 2017.1 - 2020.2.4. The vulnerability stems from unrestricted access to the Advanced System...
Gradle Enterprise Session Reuse Vulnerability
Gradle Enterprise improves developer productivity by speeding up builds, improving build reliability, and accelerating build debugging. A session reuse vulnerability exists in Gradle Enterprise 2018.5 - 2020.2.4. The vulnerability stems from implicitly logging user login information. An attacker ...