Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gradle enterprise vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-49238
In Gradle Enterprise prior to 2023.1, a remote attacker may be able to gain access to a new installation (in certain installation scenarios) because of a non-unique initial system user password. Although this password must be changed upon the first login, it is possible that an a...
Gradle Enterprise
NA
CVE-2023-4759
Arbitrary File Overwrite in Eclipse JGit <= 6.6.0 In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit ...
Eclipse Jgit
3 Github repositories
NA
CVE-2022-41575
A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3 up to and including 2022.3.3 allows remote malicious users to access a subset of application data (e.g., cleartext credentials). This is fixed in 2022.3.3.
Gradle Enterprise
NA
CVE-2022-41574
An access-control vulnerability in Gradle Enterprise 2022.4 up to and including 2022.3.1 allows remote malicious users to prevent backups from occurring, and send emails with arbitrary text content to the configured installation-administrator contact address, via HTTP access to a...
Gradle Enterprise
5
CVSSv2
CVE-2022-30587
Gradle Enterprise up to and including 2022.2.2 has Incorrect Access Control that leads to information disclosure.
Gradle Gradle Enterprise
6.5
CVSSv2
CVE-2022-30586
Gradle Enterprise up to and including 2022.2.2 has Incorrect Access Control that leads to code execution.
Gradle Gradle
7.5
CVSSv2
CVE-2022-1388
On F5 BIG-IP 16.1.x versions before 16.1.2.2, 15.1.x versions before 15.1.5.1, 14.1.x versions before 14.1.4.6, 13.1.x versions before 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reac...
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Analytics
F5 Big-ip Application Acceleration Manager
F5 Big-ip Application Security Manager
F5 Big-ip Domain Name System
F5 Big-ip Fraud Protection Service
F5 Big-ip Global Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Local Traffic Manager
F5 Big-ip Policy Enforcement Manager
82 Github repositories
4 Articles
7.5
CVSSv2
CVE-2022-27919
Gradle Enterprise prior to 2022.1 allows remote code execution if the installation process did not specify an initial configuration file. The configuration allows certain anonymous access to administration and an API.
Gradle Enterprise
9.3
CVSSv2
CVE-2022-25364
In Gradle Enterprise prior to 2021.4.2, the default built-in build cache configuration allowed anonymous write access. If this was not manually changed, a malicious actor with network access to the build cache could potentially populate it with manipulated entries that execute ma...
Gradle Enterprise
4.3
CVSSv2
CVE-2022-27225
Gradle Enterprise prior to 2021.4.3 relies on cleartext data transmission in some situations. It uses Keycloak for identity management services. During the sign-in process, Keycloak sets browser cookies that effectively provide remember-me functionality. For backwards compatibili...
Gradle Enterprise
2 Github repositories
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761
command injection
CVE-2024-3676
IDOR
CVE-2024-30039
CVE-2024-32113
CVE-2024-30049
CVE-2024-4776
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »