CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27148 – Gradle vulnerable to local privilege escalation through system temporary directory
https://notcve.org/view.php?id=CVE-2025-27148
25 Feb 2025 — Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. On Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. This library initialization could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreating files in the system temporary directory. Gradle builds that rely on versions of net.rubygrapefruit:native-platform prior to 0... • https://en.wikipedia.org/wiki/Fstab#Options_common_to_all_filesystems • CWE-378: Creation of Temporary File With Insecure Permissions CWE-379: Creation of Temporary File in Directory with Insecure Permissions •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-46881
https://notcve.org/view.php?id=CVE-2024-46881
26 Jan 2025 — Develocity (formerly Gradle Enterprise) before 2024.1.8 has Incorrect Access Control. Project-level access control configuration was introduced in Enterprise Config schema version 8. Migration functionality from schema version 8 to versions 9 and 10 (in affected vulnerable versions) does not include the projects section of the configuration. This leads to all of the project settings being reset to their defaults when the old schema is loaded. In the case of projects.enabled, the default is false. • https://security.gradle.com/advisory/2024-03 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24858
https://notcve.org/view.php?id=CVE-2025-24858
26 Jan 2025 — Develocity (formerly Gradle Enterprise) before 2024.3.1 allows an attacker who has network access to a Develocity server to obtain the hashed password of the system user. The hash algorithm used by Develocity was chosen according to best practices for password storage and provides some protection against brute-force attempts. The applicable severity of this vulnerability depends on whether a Develocity server is accessible by external or unauthorized users, and the complexity of the System User password. • https://security.gradle.com/advisory/2025-01 • CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49238
https://notcve.org/view.php?id=CVE-2023-49238
09 Jan 2024 — In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation (in certain installation scenarios) because of a non-unique initial system user password. Although this password must be changed upon the first login, it is possible that an attacker logs in before the legitimate administrator logs in. En Gradle Enterprise anterior a 2023.1, un atacante remoto podría obtener acceso a una nueva instalación (en ciertos escenarios de instalación) debido a una contraseña de us... • https://security.gradle.com • CWE-521: Weak Password Requirements •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-42445 – Possible local file exfiltration by XML External entity injection
https://notcve.org/view.php?id=CVE-2023-42445
06 Oct 2023 — Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), just parsing XML can lead to exfiltration of local text files to a remote server. Gradle parses XML files for several purposes. Most of the time, Gradle parses XML files it generated or were already present locally. • https://github.com/gradle/gradle/releases/tag/v7.6.3 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-44387 – Gradle has incorrect permission assignment for symlinked files used in copy or archiving operations
https://notcve.org/view.php?id=CVE-2023-44387
05 Oct 2023 — Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving symlinked files, Gradle resolves them but applies the permissions of the symlink itself instead of the permissions of the linked file to the resulting file. This leads to files having too much permissions given that symlinks usually are world readable and writeable. While it is unlikely this results in a direct vulnerability for the impacted build, it may open up attack vectors depen... • https://github.com/gradle/gradle/commit/3b406191e24d69e7e42dc3f3b5cc50625aa930b7 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.9EPSS: 0%CPEs: 2EXPL: 0CVE-2023-35946 – Dependency cache path traversal in Gradle
https://notcve.org/view.php?id=CVE-2023-35946
30 Jun 2023 — Gradle is a build tool with a focus on build automation and support for multi-language development. When Gradle writes a dependency into its dependency cache, it uses the dependency's coordinates to compute a file location. With specially crafted dependency coordinates, Gradle can be made to write files into an unintended location. The file may be written outside the dependency cache or over another file in the dependency cache. This vulnerability could be used to poison the dependency cache or overwrite im... • https://docs.gradle.org/current/userguide/dependency_verification.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2023-35947 – Path traversal vulnerabilities in handling of Tar archives in Gradle
https://notcve.org/view.php?id=CVE-2023-35947
30 Jun 2023 — Gradle is a build tool with a focus on build automation and support for multi-language development. In affected versions when unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the Gradle process has write permissions. For a build reading Tar entries from a Tar archive, this issue could allow Gradle to disclose information from sensitive files through an arbitrary file read. To exploit this be... • https://github.com/gradle/gradle/commit/1096b309520a8c315e3b6109a6526de4eabcb879 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30853 – Gradle Build Action data written to GitHub Actions Cache may expose secrets
https://notcve.org/view.php?id=CVE-2023-30853
28 Apr 2023 — Gradle Build Action allows users to execute a Gradle Build in their GitHub Actions workflow. A vulnerability impacts GitHub workflows using the Gradle Build Action prior to version 2.4.2 that have executed the Gradle Build Tool with the configuration cache enabled, potentially exposing secrets configured for the repository. Secrets configured for GitHub Actions are normally passed to the Gradle Build Tool via environment variables. Due to the way that the Gradle Build Tool records these environment variable... • https://github.com/gradle/gradle-build-action/releases/tag/v2.4.2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-26053 – Gradle usage of long IDs for PGP keys opens potential for collision attacks
https://notcve.org/view.php?id=CVE-2023-26053
02 Mar 2023 — Gradle is a build tool with a focus on build automation and support for multi-language development. This is a collision attack on long IDs (64bits) for PGP keys. Users of dependency verification in Gradle are vulnerable if they use long IDs for PGP keys in a `trusted-key` or `pgp` element in their dependency verification metadata file. The fix is to fail dependency verification if anything but a fingerprint is used in a trust element in dependency verification metadata. The problem is fixed in Gradle 8.0 an... • https://github.com/gradle/gradle/commit/bf3cc0f2b463033037e67aaacda31291643ea1a9 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •