Enterprise Security Vulnerabilities and Issues — Enterprise CVE List

Lucene search

GradleEnterprise

4 matches found

CVE•added 2022/03/16 1:15 a.m.•79 views

CVE-2022-27225

Gradle Enterprise before 2021.4.3 relies on cleartext data transmission in some situations. It uses Keycloak for identity management services. During the sign-in process, Keycloak sets browser cookies that effectively provide remember-me functionality. For backwards compatibility with older Safari ...

6.5CVSS6.3AI score0.00187EPSS

CVE•added 2020/09/18 2:15 p.m.•33 views

CVE-2020-15769

An issue was discovered in Gradle Enterprise 2020.2 - 2020.2.4. An XSS issue exists via the request URL.

6.1CVSS5.9AI score0.00359EPSS

CVE•added 2020/09/18 3:15 p.m.•32 views

CVE-2020-15773

An issue was discovered in Gradle Enterprise before 2020.2.4. Because of unrestricted cross-origin requests to read-only data in the Export API, an attacker can access data as a user (for the duration of the browser session) after previously explicitly authenticating with the API.

6.5CVSS6.3AI score0.00153EPSS

CVE•added 2020/09/18 2:15 p.m.•25 views

CVE-2020-15774

An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. An attacker with physical access to the browser of a user who has recently logged in to Gradle Enterprise and since closed their browser could reopen their browser to access Gradle Enterprise as that user.

6.8CVSS6.3AI score0.00135EPSS