Gradle Security Vulnerabilities and Issues — Gradle CVE List

Lucene search

GradleGradle

4 matches found

CVE•added 2021/09/24 3:15 p.m.•38 views

CVE-2021-41586

In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially reset the system user password.

7.5CVSS7.4AI score0.00195EPSS

CVE•added 2021/09/24 3:15 a.m.•32 views

CVE-2021-41584

Gradle Enterprise before 2021.1.3 can allow unauthorized viewing of a response (information disclosure of possibly sensitive build/configuration details) via a crafted HTTP request with the X-Gradle-Enterprise-Ajax-Request header.

7.5CVSS7.4AI score0.00511EPSS

CVE•added 2021/09/24 3:15 p.m.•32 views

CVE-2021-41587

In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially discover credentials for other resources.

7.5CVSS7.5AI score0.00276EPSS

CVE•added 2021/09/24 3:15 p.m.•32 views

CVE-2021-41588

In Gradle Enterprise before 2021.1.3, a crafted request can trigger deserialization of arbitrary unsafe Java objects. The attacker must have the encryption and signing keys.

8.1CVSS8AI score0.00194EPSS