Lucene search

864 matches found

Cvelist
added 2019/07/03 12:0 a.m. | 29 views

CVE-2019-10103

JetBrains IntelliJ IDEA projects created using the Kotlin JS Client/JVM Server IDE Template were resolving Gradle artifacts using an http connection, potentially allowing an MITM attack. This issue, which was fixed in Kotlin plugin version 1.3.30, is similar to CVE-2019-10101...

AI score 8 | EPSS 0.00944
Exploits 0 | References 2

CVE
added 2019/07/03 12:0 a.m. | 275 views

CVE-2019-10103

CVE-2019-10103 : Kotlin/IntelliJ template misuse allowed Gradle artifacts to be resolved over http, enabling MITM risk. Root cause: Kotlin plugin used non-secure http for artifact resolution in the Kotlin (JS Client/JVM Server) IDE Template. Impact described as insecure Gradle fetch during builds...

CVSS 8.1 | AI score 7.8 | EPSS 0.00944
Exploits 0 | References 2 | Affected Software 1

Debian CVE
added 2019/07/03 12:0 a.m. | 23 views

CVE-2019-10103

Removed by vendor...

CVSS 8.1 | AI score 8 | EPSS 0.00944
Exploits 0

Positive Technologies
added 2019/07/03 12:0 a.m. | 2 views

PT-2019-11552 · Jetbrains · Kotlin +1

Name of the Vulnerable Software and Affected Versions: JetBrains IntelliJ IDEA versions prior to Kotlin plugin version 1.3.30 Description: The issue allows for a potential MITM attack due to JetBrains IntelliJ IDEA projects created using the Kotlin JS Client/JVM Server IDE Template resolving Grad...

CVSS 8.1 | AI score 7.9 | EPSS 0.00944
Exploits 0 | References 7

OSV
added 2019/06/28 6:15 p.m. | 18 views

CVE-2019-9843

In DiffPlug Spotless before 1.20.0 library and Maven plugin and before 3.20.0 Gradle plugin, the XML parser would resolve external entities over both HTTP and HTTPS and didn't respect the resolveExternalEntities setting. For example, this allows disclosure of file contents to a MITM attacker if a...

CVSS 7.5 | AI score 6.6
Exploits 0 | References 5

Hacker One
added 2019/06/12 3:2 a.m. | 30 views

Internet Bug Bounty: Industry-Wide MITM Vulnerability Impacting the JVM Ecosystem

I've been exploring the industry-wide scope of the use of HTTP to resolve dependencies in build infrastructure across the industry. What I unearthed was that some of the most popular libraries and two compilers were impacted by this vulnerability. Vulnerability CWE-829: Inclusion of Functionality...

AI score 7.1
Exploits 0

CVE
added 2019/05/31 2:20 p.m. | 202 views

CVE-2019-10324

CVE-2019-10324 concerns the Jenkins Artifactory Plugin (versions 3.2.2 and earlier). The vulnerability is a cross-site request forgery (CSRF) affecting multiple release-related actions: ReleaseAction#doSubmit, GradleReleaseApiAction#doStaging, MavenReleaseApiAction#doStaging, and UnifiedPromoteBu...

CVSS 6.5 | AI score 6.3 | EPSS 0.00751
Exploits 0 | References 3 | Affected Software 1

OpenVAS
added 2019/05/22 12:0 a.m. | 29 views

Fedora Update for gradle FEDORA-2019-a9c15101fb

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 5.9 | AI score 5.7 | EPSS 0.01366
Exploits 0 | References 2

Fedora
added 2019/05/21 2:20 a.m. | 38 views

[SECURITY] Fedora 29 Update: gradle-4.3.1-9.fc29

Gradle is build automation evolved. Gradle can automate the building, testing, publishing, deployment and more of software packages or other types of projects such as generated static websites, generated documentation or indeed anything else. Gradle combines the power and flexibility of Ant with...

CVSS 5.9 | AI score 1.7 | EPSS 0.01366
Exploits 0

vulnersOsv
added 2019/05/14 4:1 a.m. | 2 views

com.bytekast.serverless-local-apigateway:com.bytekast.serverless-local-apigateway.gradle.plugin (>=0.4 <=0.5), gradle.plugin.com.bytekast:serverless-local-apigateway (>=0.4 <=0.5) +1 more potentially affected by CVE-2019-11808 via io.ratpack:ratpack-groovy (>=0.9.0 <=1.6.0)

io.ratpack:ratpack-groovy MAVEN version =0.9.0, =0.4, =0.4, =0.9.0, =1.10.0-milestone-39 Source cves: CVE-2019-11808 Source advisory: OSV:GHSA-54MG-VGRP-MWX9...

CVSS 4.3 | AI score 5.8 | EPSS 0.01315
Exploits 0

Fedora
added 2019/05/03 1:36 a.m. | 49 views

[SECURITY] Fedora 28 Update: gradle-4.3.1-9.fc28

Gradle is build automation evolved. Gradle can automate the building, testing, publishing, deployment and more of software packages or other types of projects such as generated static websites, generated documentation or indeed anything else. Gradle combines the power and flexibility of Ant with...

CVSS 5.9 | AI score 1.7 | EPSS 0.01366
Exploits 0

Tenable Nessus
added 2019/05/03 12:0 a.m. | 36 views

Fedora 28 : gradle (2019-902786bc1e)

Fixes CVE-2019-11065 security vulnerability Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C...

CVSS 5.9 | AI score 6.8 | EPSS 0.01366
Exploits 0 | References 2

OpenVAS
added 2019/05/03 12:0 a.m. | 23 views

Fedora Update for gradle FEDORA-2019-902786bc1e

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 5.9 | AI score 5.7 | EPSS 0.01366
Exploits 0 | References 2

OSV
added 2019/04/22 11:29 a.m. | 3 views

CVE-2019-11403

In Gradle Enterprise before 2018.5.2, Build Cache Nodes would reflect the configured password back when viewing the HTML page source of the settings page...

CVSS 9.8 | AI score 7.3 | EPSS 0.01176
Exploits 0 | References 2

NVD
added 2019/04/22 11:29 a.m. | 20 views

CVE-2019-11402

In Gradle Enterprise before 2018.5.3, Build Cache Nodes did not store the credentials at rest in an encrypted format...

CVSS 9.8 | AI score 9.5 | EPSS 0.01332
Exploits 0 | References 2

NVD
added 2019/04/22 11:29 a.m. | 16 views

CVE-2019-11403

In Gradle Enterprise before 2018.5.2, Build Cache Nodes would reflect the configured password back when viewing the HTML page source of the settings page...

CVSS 9.8 | AI score 9.6 | EPSS 0.01176
Exploits 0 | References 2

NVD
added 2019/04/22 11:29 a.m. | 16 views

CVE-2019-11404

arrow-kt Arrow before 0.9.0 resolved Gradle build artifacts for compiling and building the published JARs over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by an MITM attack...

CVSS 8.1 | AI score 8.3 | EPSS 0.01136
Exploits 1 | References 5

OSV
added 2019/04/22 11:29 a.m. | 5 views

CVE-2019-11402

In Gradle Enterprise before 2018.5.3, Build Cache Nodes did not store the credentials at rest in an encrypted format...

CVSS 9.8 | AI score 7.3 | EPSS 0.01332
Exploits 0 | References 2

OSV
added 2019/04/22 11:29 a.m. | 16 views

CVE-2019-11404

arrow-kt Arrow before 0.9.0 resolved Gradle build artifacts for compiling and building the published JARs over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by an MITM attack...

CVSS 5.9 | AI score 5.9
Exploits 0 | References 5

Prion
added 2019/04/22 11:29 a.m. | 15 views

Format string

In Gradle Enterprise before 2018.5.3, Build Cache Nodes did not store the credentials at rest in an encrypted format...

CVSS 5 | AI score 9.4 | EPSS 0.01332
Exploits 0 | References 2 | Affected Software 1