6 matches found
CVE-2023-49238
In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation in certain installation scenarios because of a non-unique initial system user password. Although this password must be changed upon the first login, it is possible that an attacker logs in befor...
EUVD-2019-3080
Malware in sbrugna...
EUVD-2020-7752
Malware in sbrugna...
EUVD-2021-28603
Malicious code in bioql PyPI...
EUVD-2022-31734
Malicious code in bioql PyPI...
CVE-2020-15776
An issue was discovered in Gradle Enterprise 2018.2 - 2020.2.4. The CSRF prevention token is stored in a request cookie that is not annotated as HttpOnly. An attacker with the ability to execute arbitrary code in a user's browser could impose an arbitrary value for this token, allowing them to...