gradle vulnerabilities and exploits

(subscribe to this query)

In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an malicious user to access information downloaded by Gradle. Some builds could be vulnerable to a local information disclosure. Remote files accessed through TextResourc...

Gradle Gradle Quarkus Quarkus

In Gradle Enterprise prior to 2021.3 (and Enterprise Build Cache Node prior to 10.0), there is potential cache poisoning and remote code execution when running the build cache node with its default configuration. This configuration allows anonymous access to the configuration use...

Gradle Build Cache Node Gradle Enterprise

An issue exists in Gradle Enterprise 2017.3 - 2020.2.4 and Gradle Enterprise Build Cache Node 1.0 - 9.2. Unrestricted HTTP header reflection in Gradle Enterprise allows remote malicious users to obtain authentication cookies, if they are able to discover a separate XSS vulnerabil...

Gradle Enterprise Gradle Enterprise Cache Node

In Gradle Enterprise prior to 2018.5.2, Build Cache Nodes would reflect the configured password back when viewing the HTML page source of the settings page.

Gradle Build Cache Node Gradle Enterprise

An issue exists in Gradle Enterprise 2018.2 and Gradle Enterprise Build Cache Node 4.1. Cross-site transmission of cookie containing CSRF token allows remote malicious user to bypass CSRF mitigation.

Gradle Enterprise 2018.2 Gradle Enterprise Cache Node 4.1

Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.googleapis.com web site.

Gradle Gradle Fedoraproject Fedora 28 Fedoraproject Fedora 29 Fedoraproject Fedora 30

Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. On Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. This library initializ...

Gradle Enterprise prior to 2022.1 allows remote code execution if the installation process did not specify an initial configuration file. The configuration allows certain anonymous access to administration and an API.

Gradle Enterprise

In Gradle Enterprise prior to 2023.1, a remote attacker may be able to gain access to a new installation (in certain installation scenarios) because of a non-unique initial system user password. Although this password must be changed upon the first login, it is possible that an a...

Gradle Enterprise

In Gradle Enterprise up to and including 2021.3, probing of the server-side network environment can occur via an SMTP configuration test. The installation configuration user interface available to administrators allows testing the configured SMTP server settings. This test functi...

Gradle Enterprise

« PREV 1 2 3 4 5 6 7 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook