Lucene search

K

7 matches found

CVE
CVE
added 2022/03/17 5:15 p.m.76 views

CVE-2022-25364

In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access. If this was not manually changed, a malicious actor with network access to the build cache could potentially populate it with manipulated entries that execute malicious code as part ...

9.3CVSS8.1AI score0.00301EPSS
CVE
CVE
added 2019/04/22 11:29 a.m.41 views

CVE-2019-11402

In Gradle Enterprise before 2018.5.3, Build Cache Nodes did not store the credentials at rest in an encrypted format.

9.8CVSS9.3AI score0.0034EPSS
CVE
CVE
added 2021/10/27 2:15 p.m.38 views

CVE-2021-41589

In Gradle Enterprise before 2021.3 (and Enterprise Build Cache Node before 10.0), there is potential cache poisoning and remote code execution when running the build cache node with its default configuration. This configuration allows anonymous access to the configuration user interface and anonymo...

9.8CVSS9.6AI score0.02448EPSS
CVE
CVE
added 2024/01/09 2:15 a.m.37 views

CVE-2023-49238

In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation (in certain installation scenarios) because of a non-unique initial system user password. Although this password must be changed upon the first login, it is possible that an attacker logs in befor...

9.8CVSS9.4AI score0.00822EPSS
CVE
CVE
added 2019/04/22 11:29 a.m.34 views

CVE-2019-11403

In Gradle Enterprise before 2018.5.2, Build Cache Nodes would reflect the configured password back when viewing the HTML page source of the settings page.

9.8CVSS9.4AI score0.00346EPSS
CVE
CVE
added 2020/09/18 3:15 p.m.34 views

CVE-2020-15773

An issue was discovered in Gradle Enterprise before 2020.2.4. Because of unrestricted cross-origin requests to read-only data in the Export API, an attacker can access data as a user (for the duration of the browser session) after previously explicitly authenticating with the API.

6.5CVSS6.3AI score0.00153EPSS
CVE
CVE
added 2020/09/18 2:15 p.m.33 views

CVE-2020-15767

An issue was discovered in Gradle Enterprise before 2020.2.5. The cookie used to convey the CSRF prevention token is not annotated with the “secure” attribute, which allows an attacker with the ability to MITM plain HTTP requests to obtain it, if the user mistakenly uses a HTTP instead of HTTPS add...

5.3CVSS5.1AI score0.00135EPSS