CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 0CVE-2022-31156 – Gradle's dependency verification can ignore checksum verification when signature verification cannot be performed
https://notcve.org/view.php?id=CVE-2022-31156
Gradle is a build tool. Dependency verification is a security feature in Gradle Build Tool that was introduced to allow validation of external dependencies either through their checksum or cryptographic signatures. In versions 6.2 through 7.4.2, there are some cases in which Gradle may skip that verification and accept a dependency that would otherwise fail the build as an untrusted external artifact. This can occur in two ways. When signature verification is disabled but the verification metadata contains entries for dependencies that only have a `gpg` element but no `checksum` element. • https://docs.gradle.org/7.5/release-notes.html https://github.com/gradle/gradle/security/advisories/GHSA-j6wc-xfg8-jx2j • CWE-347: Improper Verification of Cryptographic Signature CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-23630 – Dependency verification bypass in Gradle
https://notcve.org/view.php?id=CVE-2022-23630
Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, Gradle may skip that verification and accept a dependency that would otherwise fail the build as an untrusted external artifact. This occurs when dependency verification is disabled on one or more configurations and those configurations have common dependencies with other configurations that have dependency verification enabled. If the configuration that has dependency verification disabled is resolved first, Gradle does not verify the common dependencies for the configuration that has dependency verification enabled. Gradle 7.4 fixes that issue by validating artifacts at least once if they are present in a resolved configuration that has dependency verification active. • https://docs.gradle.org/7.4/release-notes.html https://github.com/gradle/gradle/commit/88ab9b652933bc3b2e3161b31ad8b8f4f0516351 https://github.com/gradle/gradle/security/advisories/GHSA-9pf5-88jw-3qgr • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 8.5EPSS: 1%CPEs: 1EXPL: 3CVE-2021-32751 – Arbitrary code execution via specially crafted environment variables
https://notcve.org/view.php?id=CVE-2021-32751
Gradle is a build tool with a focus on build automation. In versions prior to 7.2, start scripts generated by the `application` plugin and the `gradlew` script are both vulnerable to arbitrary code execution when an attacker is able to change environment variables for the user running the script. This may impact those who use `gradlew` on Unix-like systems or use the scripts generated by Gradle in thieir application on Unix-like systems. For this vulnerability to be exploitable, an attacker needs to be able to set the value of particular environment variables and have those environment variables be seen by the vulnerable scripts. This issue has been patched in Gradle 7.2 by removing the use of `eval` and requiring the use of the `bash` shell. • https://github.com/gradle/gradle/security/advisories/GHSA-6j2p-252f-7mw8 https://medium.com/dot-debug/the-perils-of-bash-eval-cc5f9e309cae https://mywiki.wooledge.org/BashFAQ/048 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 1CVE-2021-29427 – Repository content filters do not work in Settings pluginManagement
https://notcve.org/view.php?id=CVE-2021-29427
In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. Repository content filtering is a security control Gradle introduced to help users specify what repositories are used to resolve specific dependencies. This feature was introduced in the wake of the "A Confusing Dependency" blog post. In some cases, Gradle may ignore content filters and search all repositories for dependencies. This only occurs when repository content filtering is used from within a `pluginManagement` block in a settings file. • https://docs.gradle.org/7.0/release-notes.html#security-advisories https://github.com/gradle/gradle/security/advisories/GHSA-jvmj-rh6q-x395 https://access.redhat.com/security/cve/CVE-2021-29427 https://bugzilla.redhat.com/show_bug.cgi?id=1949638 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2021-29428 – Local privilege escalation through system temporary directory
https://notcve.org/view.php?id=CVE-2021-29428
In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreating files in the system temporary directory. This vulnerability impacted builds using precompiled script plugins written in Kotlin DSL and tests for Gradle plugins written using ProjectBuilder or TestKit. If you are on Windows or modern versions of macOS, you are not vulnerable. If you are on a Unix-like operating system with the "sticky" bit set on your system temporary directory, you are not vulnerable. • https://docs.gradle.org/7.0/release-notes.html#security-advisories https://github.com/gradle/gradle/pull/15240 https://github.com/gradle/gradle/pull/15654 https://github.com/gradle/gradle/security/advisories/GHSA-89qm-pxvm-p336 https://access.redhat.com/security/cve/CVE-2021-29428 https://bugzilla.redhat.com/show_bug.cgi?id=1949643 • CWE-276: Incorrect Default Permissions CWE-378: Creation of Temporary File With Insecure Permissions CWE-379: Creation of Temporary File in Directory with Insecure Permissions •