CVSSv2 4.3

CVE-2022-27225

Published: 16/03/2022 | Updated: 22/03/2022
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 384
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

Gradle Enterprise prior to 2021.4.3 relies on cleartext data transmission in some situations. It uses Keycloak for identity management services. During the sign-in process, Keycloak sets browser cookies that effectively provide remember-me functionality. For backwards compatibility with older Safari versions, Keycloak sets a duplicate of the cookie without the Secure attribute, which allows the cookie to be sent when the location that cookie is set for is accessed via HTTP. This creates the potential for an attacker (with the ability to impersonate the Gradle Enterprise host) to capture the login session of a user by having them click a link to the server, despite the real server requiring HTTPS.
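As an added check that is not part of this CVE record or of the Keycloak/Gradle Enterprise code, the script below audits a sign-in response's Set-Cookie headers for the pattern the summary describes: a copy of a Secure cookie issued without the Secure attribute, which a browser will send over plain HTTP. The cookie names and values in the sample are constructed.

```python
# Added example, not from the CVE record or from Keycloak/Gradle Enterprise code.
from typing import Dict, List, NamedTuple


class CookieRecord(NamedTuple):
    name: str
    value: str
    secure: bool


def parse_set_cookie(header: str) -> CookieRecord:
    """Minimal Set-Cookie parser: name, value and whether Secure is present."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    # Attribute names are case-insensitive (RFC 6265); Secure takes no value.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
    return CookieRecord(name.strip(), value.strip(), "secure" in attrs)


def find_insecure_cookies(headers: List[str]) -> Dict[str, str]:
    """Map each cookie a browser may send over plain HTTP to a finding.

    A cookie carrying the same value as a Secure cookie but lacking Secure is
    reported as a duplicate: the compatibility pattern in the summary above.
    """
    records = [parse_set_cookie(h) for h in headers]
    secure_by_value = {r.value: r.name for r in records if r.secure}
    findings: Dict[str, str] = {}
    for rec in records:
        if rec.secure:
            continue
        twin = secure_by_value.get(rec.value)
        if twin is not None and twin != rec.name:
            findings[rec.name] = f"duplicate of Secure cookie '{twin}' without Secure"
        else:
            findings[rec.name] = "set without Secure"
    return findings


# Constructed sample sign-in response; cookie names and values are made up.
SAMPLE_LOGIN_RESPONSE_HEADERS = [
    "SESSION_ID=0123abcd; Path=/; HttpOnly; Secure; SameSite=None",
    "SESSION_ID_LEGACY=0123abcd; Path=/; HttpOnly",  # same token, no Secure
    "UI_THEME=dark; Path=/",
]

if __name__ == "__main__":
    for name, why in find_insecure_cookies(SAMPLE_LOGIN_RESPONSE_HEADERS).items():
        print(f"{name}: {why}")
```

Run it against the headers captured from a real sign-in response (for example from a browser's network panel) to confirm that every session-bearing cookie, legacy copies included, carries Secure.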

Vulnerable Product

gradle enterprise

Github Repositories

EPSS Browser: A frontend for exploring CVE data in the EPSS Model.

"The EPSS (Exploit Prediction Scoring System) Model is an open, data-driven effort for estimating the likelihood (probability) that a software vulnerability will be exploited in the wild." Traditionally, security teams spend a lot of time reporting and acting on CVSS scores for specific CVEs. Disclosing these vulnerabilities is important, and scoring thei

PainKiller Security Tools

This repo contains a Power Command Console project that combines CycloneDX and Dependency Track to let you create SBOM files from git repos and import them into OWASP Dependency Track, which gives you a nice GUI where you can analyze your repos' vulnerabilities. There is also a command to get an Exploit Prediction score (EPSS) with a CVE as input. That