
CVE-2019-15052
https://notcve.org/view.php?id=CVE-2019-15052
14 Aug 2019 — The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for the configured host. If that host returns a 30x redirect, Gradle also sends those credentials to all subsequent hosts that the request redirects to. This is similar to CVE-2018-1000007. • https://github.com/gradle/gradle/issues/10278 • CWE-522: Insufficiently Protected Credentials

CVE-2019-11065
https://notcve.org/view.php?id=CVE-2019-11065
09 Apr 2019 — Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.googleapis.com web site. • https://github.com/gradle/gradle/pull/8927

CVE-2019-9843
https://notcve.org/view.php?id=CVE-2019-9843
15 Mar 2019 — In DiffPlug Spotless before 1.20.0 (library and Maven plugin) and before 3.20.0 (Gradle plugin), the XML parser would resolve external entities over both HTTP and HTTPS and didn't respect the resolveExternalEntities setting. For example, this allows disclosure of file contents to a MITM attacker if a victim performs a spotlessApply operation on an untrusted XML file. • https://github.com/diffplug/spotless/blob/master/plugin-gradle/CHANGES.md#version-3200---march-11th-2018-javadoc-jcenter • CWE-611: Improper Restriction of XML External Entity Reference