Gradle Security Vulnerabilities and Issues — Gradle CVE List

Lucene search

GradleGradle

6 matches found

CVE•added 2020/10/01 8:15 p.m.•274 views

CVE-2020-11979

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effor...

7.5CVSS6.9AI score0.00591EPSS

CVE•added 2022/02/10 8:15 p.m.•105 views

CVE-2022-23630

Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, Gradle may skip that verification and accept a dependency that would otherwise fail the build as an untrusted external artifact. This occurs when dependency verification is disabled on...

7.5CVSS7.5AI score0.00611EPSS

CVE•added 2022/06/06 7:15 p.m.•58 views

CVE-2022-30586

Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to code execution.

7.2CVSS7.2AI score0.01105EPSS

CVE•added 2021/09/24 3:15 p.m.•38 views

CVE-2021-41586

In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially reset the system user password.

7.5CVSS7.4AI score0.00195EPSS

CVE•added 2021/09/24 3:15 a.m.•32 views

CVE-2021-41584

Gradle Enterprise before 2021.1.3 can allow unauthorized viewing of a response (information disclosure of possibly sensitive build/configuration details) via a crafted HTTP request with the X-Gradle-Enterprise-Ajax-Request header.

7.5CVSS7.4AI score0.00511EPSS

CVE•added 2021/09/24 3:15 p.m.•32 views

CVE-2021-41587

In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially discover credentials for other resources.

7.5CVSS7.5AI score0.00276EPSS