
CVE-2023-30853 – Gradle Build Action data written to GitHub Actions Cache may expose secrets
https://notcve.org/view.php?id=CVE-2023-30853
28 Apr 2023 — Gradle Build Action allows users to execute a Gradle Build in their GitHub Actions workflow. A vulnerability impacts GitHub workflows using the Gradle Build Action prior to version 2.4.2 that have executed the Gradle Build Tool with the configuration cache enabled, potentially exposing secrets configured for the repository. Secrets configured for GitHub Actions are normally passed to the Gradle Build Tool via environment variables. Due to the way that the Gradle Build Tool records these environment variable...
• https://github.com/gradle/gradle-build-action/releases/tag/v2.4.2
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
• CWE-312: Cleartext Storage of Sensitive Information