Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gradle gradle vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv3
CVE-2021-29429
In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an malicious user to access information downloaded by Gradle. Some builds could be vulnerable to a local information disclosure. Remote files accessed through TextResourc...
Gradle Gradle
Quarkus Quarkus
9.8
CVSSv3
CVE-2021-41589
In Gradle Enterprise prior to 2021.3 (and Enterprise Build Cache Node prior to 10.0), there is potential cache poisoning and remote code execution when running the build cache node with its default configuration. This configuration allows anonymous access to the configuration use...
Gradle Build Cache Node
Gradle Enterprise
9.8
CVSSv3
CVE-2019-11403
In Gradle Enterprise prior to 2018.5.2, Build Cache Nodes would reflect the configured password back when viewing the HTML page source of the settings page.
Gradle Enterprise
Gradle Build Cache Node
7.5
CVSSv3
CVE-2020-15768
An issue exists in Gradle Enterprise 2017.3 - 2020.2.4 and Gradle Enterprise Build Cache Node 1.0 - 9.2. Unrestricted HTTP header reflection in Gradle Enterprise allows remote malicious users to obtain authentication cookies, if they are able to discover a separate XSS vulnerabil...
Gradle Enterprise Cache Node
Gradle Enterprise
7.5
CVSSv3
CVE-2020-15771
An issue exists in Gradle Enterprise 2018.2 and Gradle Enterprise Build Cache Node 4.1. Cross-site transmission of cookie containing CSRF token allows remote malicious user to bypass CSRF mitigation.
Gradle Enterprise 2018.2
Gradle Enterprise Cache Node 4.1
5.9
CVSSv3
CVE-2019-11065
Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.googleapis.com web site.
Gradle Gradle
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
9.8
CVSSv3
CVE-2022-27919
Gradle Enterprise prior to 2022.1 allows remote code execution if the installation process did not specify an initial configuration file. The configuration allows certain anonymous access to administration and an API.
Gradle Enterprise
8.1
CVSSv3
CVE-2022-25364
In Gradle Enterprise prior to 2021.4.2, the default built-in build cache configuration allowed anonymous write access. If this was not manually changed, a malicious actor with network access to the build cache could potentially populate it with manipulated entries that execute ma...
Gradle Enterprise
6.5
CVSSv3
CVE-2022-27225
Gradle Enterprise prior to 2021.4.3 relies on cleartext data transmission in some situations. It uses Keycloak for identity management services. During the sign-in process, Keycloak sets browser cookies that effectively provide remember-me functionality. For backwards compatibili...
Gradle Enterprise
2 Github repositories
5.3
CVSSv3
CVE-2021-41590
In Gradle Enterprise up to and including 2021.3, probing of the server-side network environment can occur via an SMTP configuration test. The installation configuration user interface available to administrators allows testing the configured SMTP server settings. This test functi...
Gradle Enterprise
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761
command injection
CVE-2024-3676
IDOR
CVE-2024-30039
CVE-2024-32113
CVE-2024-30049
CVE-2024-4776
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »