Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gradle gradle vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2020-15776
An issue exists in Gradle Enterprise 2018.2 - 2020.2.4. The CSRF prevention token is stored in a request cookie that is not annotated as HttpOnly. An attacker with the ability to execute arbitrary code in a user's browser could impose an arbitrary value for this token, allow...
Gradle Enterprise
8.1
CVSSv3
CVE-2023-35947
Gradle is a build tool with a focus on build automation and support for multi-language development. In affected versions when unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwrit...
Gradle Gradle
8.1
CVSSv3
CVE-2022-25364
In Gradle Enterprise prior to 2021.4.2, the default built-in build cache configuration allowed anonymous write access. If this was not manually changed, a malicious actor with network access to the build cache could potentially populate it with manipulated entries that execute ma...
Gradle Enterprise
8.1
CVSSv3
CVE-2021-41588
In Gradle Enterprise prior to 2021.1.3, a crafted request can trigger deserialization of arbitrary unsafe Java objects. The attacker must have the encryption and signing keys.
Gradle Gradle
8.1
CVSSv3
CVE-2019-10103
JetBrains IntelliJ IDEA projects created using the Kotlin (JS Client/JVM Server) IDE Template were resolving Gradle artifacts using an http connection, potentially allowing an MITM attack. This issue, which was fixed in Kotlin plugin version 1.3.30, is similar to CVE-2019-10101.
Jetbrains Kotlin
7.8
CVSSv3
CVE-2022-48431
In JetBrains IntelliJ IDEA prior to 2023.1 in some cases, Gradle and Maven projects could be imported without the “Trust Project” confirmation.
Jetbrains Intellij Idea
7.8
CVSSv3
CVE-2021-29428
In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly delet...
Gradle Gradle
Quarkus Quarkus
7.8
CVSSv3
CVE-2020-15777
An issue exists in the Maven Extension plugin prior to 1.6 for Gradle Enterprise. The extension uses a socket connection to send serialized Java objects. Deserialization is not restricted to an allow-list, thus allowing an malicious user to achieve code execution via a malicious ...
Gradle Maven
7.5
CVSSv3
CVE-2023-5720
A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain. This flaw allows an malicious user to access potentially sensitive information from the build system within the applica...
Quarkus Quarkus 3.0.0
Quarkus Quarkus
3 Github repositories
7.5
CVSSv3
CVE-2022-41575
A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3 up to and including 2022.3.3 allows remote malicious users to access a subset of application data (e.g., cleartext credentials). This is fixed in 2022.3.3.
Gradle Enterprise
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »