Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gradle gradle vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2020-15767
An issue exists in Gradle Enterprise prior to 2020.2.5. The cookie used to convey the CSRF prevention token is not annotated with the “secure” attribute, which allows an attacker with the ability to MITM plain HTTP requests to obtain it, if the user mistakenly uses a ...
Gradle Enterprise
6.8
CVSSv3
CVE-2020-15774
An issue exists in Gradle Enterprise 2018.5 - 2020.2.4. An attacker with physical access to the browser of a user who has recently logged in to Gradle Enterprise and since closed their browser could reopen their browser to access Gradle Enterprise as that user.
Gradle Enterprise
7.5
CVSSv3
CVE-2020-15775
An issue exists in Gradle Enterprise 2017.1 - 2020.2.4. The /usage page of Gradle Enterprise conveys high level build information such as project names and build counts over time. This page is incorrectly viewable anonymously.
Gradle Enterprise
6.5
CVSSv3
CVE-2020-7599
All versions of com.gradle.plugin-publish prior to 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File. When a plugin author publishes a Gradle plugin while running Gradle with the --info log level flag, the Gradle Logger logs an AWS pre-signed URL. If this ...
Gradle Plugin Publishing
5.5
CVSSv3
CVE-2020-15770
An issue exists in Gradle Enterprise 2018.5. An attacker can potentially make repeated attempts to guess a local user's password, due to lack of lock-out after excessive failed logins.
Gradle Enterprise 2018.5
6.5
CVSSv3
CVE-2023-30853
Gradle Build Action allows users to execute a Gradle Build in their GitHub Actions workflow. A vulnerability impacts GitHub workflows using the Gradle Build Action prior to version 2.4.2 that have executed the Gradle Build Tool with the configuration cache enabled, potentially ex...
Gradle Build Action
6.5
CVSSv3
CVE-2023-39152
Always-incorrect control flow implementation in Jenkins Gradle Plugin 2.8 may result in credentials not being masked (i.e., replaced with asterisks) in the build log in some circumstances.
Jenkins Gradle 2.8
7.5
CVSSv3
CVE-2019-9843
In DiffPlug Spotless prior to 1.20.0 (library and Maven plugin) and prior to 3.20.0 (Gradle plugin), the XML parser would resolve external entities over both HTTP and HTTPS and didn't respect the resolveExternalEntities setting. For example, this allows disclosure of file co...
Diffplug Gradle
Diffplug Maven
6.3
CVSSv3
CVE-2022-22984
The package snyk prior to 1.1064.0; the package snyk-mvn-plugin prior to 2.31.3; the package snyk-gradle-plugin prior to 3.24.5; the package @snyk/snyk-cocoapods-plugin prior to 2.5.3; the package snyk-sbt-plugin prior to 2.16.2; the package snyk-python-plugin prior to 1.24.2; th...
Snyk Snyk Cli
Snyk Snyk Maven Cli
Snyk Snyk Gradle Cli
Snyk Snyk Cocoapods Cli
Snyk Snyk Python Cli
Snyk Snyk Sbt Cli
Snyk Snyk Docker Cli
Snyk Snyk Hex Cli
5.9
CVSSv3
CVE-2005-4900
SHA-1 is not collision resistant, which makes it easier for context-dependent malicious users to conduct spoofing attacks, as demonstrated by attacks on the use of SHA-1 in TLS 1.2. NOTE: this CVE exists to provide a common identifier for referencing this SHA-1 issue; the existen...
Google Chrome
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761
command injection
CVE-2024-3676
IDOR
CVE-2024-30039
CVE-2024-32113
CVE-2024-30049
CVE-2024-4776
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »