5 matches found

CVE
added 2022/03/16 1:15 a.m. | 79 views

CVE-2022-27225

Gradle Enterprise before 2021.4.3 relies on cleartext data transmission in some situations. It uses Keycloak for identity management services. During the sign-in process, Keycloak sets browser cookies that effectively provide remember-me functionality. For backwards compatibility with older Safari ...

CVSS 6.5 | AI score 6.3 | EPSS 0.00187

CVE
added 2022/03/17 5:15 p.m. | 75 views

CVE-2022-25364

In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access. If this was not manually changed, a malicious actor with network access to the build cache could potentially populate it with manipulated entries that execute malicious code as part ...

CVSS 9.3 | AI score 8.1 | EPSS 0.00301

CVE
added 2022/03/25 8:15 p.m. | 69 views

CVE-2022-27919

Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not specify an initial configuration file. The configuration allows certain anonymous access to administration and an API.

CVSS 9.8 | AI score 9.7 | EPSS 0.02148

CVE
added 2022/10/21 12:15 p.m. | 41 views

CVE-2022-41575

A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3 through 2022.3.3 allows remote attackers to access a subset of application data (e.g., cleartext credentials). This is fixed in 2022.3.3.

CVSS 7.5 | AI score 7.1 | EPSS 0.00191

CVE
added 2022/10/07 9:15 p.m. | 31 views

CVE-2022-41574

An access-control vulnerability in Gradle Enterprise 2022.4 through 2022.3.1 allows remote attackers to prevent backups from occurring, and send emails with arbitrary text content to the configured installation-administrator contact address, via HTTP access to an accidentally exposed internal endpo...

CVSS 7.5 | AI score 7.5 | EPSS 0.00167