Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gradle gradle vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2022-27225
Gradle Enterprise prior to 2021.4.3 relies on cleartext data transmission in some situations. It uses Keycloak for identity management services. During the sign-in process, Keycloak sets browser cookies that effectively provide remember-me functionality. For backwards compatibili...
Gradle Enterprise
2 Github repositories
6.5
CVSSv3
CVE-2021-21361
The `com.bmuschko:gradle-vagrant-plugin` Gradle plugin contains an information disclosure vulnerability due to the logging of the system environment variables. When this Gradle plugin is executed in public CI/CD, this can lead to sensitive credentials being exposed to malicious a...
Vagrant Project Vagrant
6.5
CVSSv3
CVE-2021-26719
A directory traversal issue exists in Gradle gradle-enterprise-test-distribution-agent prior to 1.3.2, test-distribution-gradle-plugin prior to 1.3.2, and gradle-enterprise-maven-extension prior to 1.8.2. A malicious actor (with certain credentials) can perform a registration ste...
Gradle Enterprise Test Distribution Agent
Gradle Test Distribution
Gradle Maven
6.5
CVSSv3
CVE-2020-15773
An issue exists in Gradle Enterprise prior to 2020.2.4. Because of unrestricted cross-origin requests to read-only data in the Export API, an attacker can access data as a user (for the duration of the browser session) after previously explicitly authenticating with the API.
Gradle Enterprise
6.5
CVSSv3
CVE-2020-7599
All versions of com.gradle.plugin-publish prior to 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File. When a plugin author publishes a Gradle plugin while running Gradle with the --info log level flag, the Gradle Logger logs an AWS pre-signed URL. If this ...
Gradle Plugin Publishing
6.5
CVSSv3
CVE-2019-10324
A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and previous versions in ReleaseAction#doSubmit, GradleReleaseApiAction#doStaging, MavenReleaseApiAction#doStaging, and UnifiedPromoteBuildAction#doSubmit allowed malicious users to schedule a release ...
Jfrog Artifactory
6.3
CVSSv3
CVE-2022-22984
The package snyk prior to 1.1064.0; the package snyk-mvn-plugin prior to 2.31.3; the package snyk-gradle-plugin prior to 3.24.5; the package @snyk/snyk-cocoapods-plugin prior to 2.5.3; the package snyk-sbt-plugin prior to 2.16.2; the package snyk-python-plugin prior to 1.24.2; th...
Snyk Snyk Cli
Snyk Snyk Maven Cli
Snyk Snyk Gradle Cli
Snyk Snyk Cocoapods Cli
Snyk Snyk Python Cli
Snyk Snyk Sbt Cli
Snyk Snyk Docker Cli
Snyk Snyk Hex Cli
6.1
CVSSv3
CVE-2020-15769
An issue exists in Gradle Enterprise 2020.2 - 2020.2.4. An XSS issue exists via the request URL.
Gradle Enterprise
5.9
CVSSv3
CVE-2019-16370
The PGP signing plugin in Gradle prior to 6.0 relies on the SHA-1 algorithm, which might allow an malicious user to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900.
Gradle Gradle
5.9
CVSSv3
CVE-2019-11404
arrow-kt Arrow prior to 0.9.0 resolved Gradle build artifacts (for compiling and building the published JARs) over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by an MITM attack.
Arrow-kt Arrow
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »