CVE-2023-49238
https://notcve.org/view.php?id=CVE-2023-49238
In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation (in certain installation scenarios) because of a non-unique initial system user password. Although this password must be changed upon the first login, it is possible that an attacker logs in before the legitimate administrator logs in. En Gradle Enterprise anterior a 2023.1, un atacante remoto podría obtener acceso a una nueva instalación (en ciertos escenarios de instalación) debido a una contraseña de usuario inicial del sistema no única. Aunque esta contraseña debe cambiarse en el primer inicio de sesión, es posible que un atacante inicie sesión antes que el administrador legítimo. • https://security.gradle.com https://security.gradle.com/advisory/2023-01 https://security.netapp.com/advisory/ntap-20240216-0003 • CWE-521: Weak Password Requirements •
CVE-2022-25364
https://notcve.org/view.php?id=CVE-2022-25364
In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access. If this was not manually changed, a malicious actor with network access to the build cache could potentially populate it with manipulated entries that execute malicious code as part of a build. As of 2021.4.2, the built-in build cache is inaccessible-by-default, requiring explicit configuration of its access-control settings before it can be used. (Remote build cache nodes are unaffected as they are inaccessible-by-default.) En Gradle Enterprise versiones anteriores a 2021.4.2, la configuración por defecto de la caché de construcción incorporada permitía el acceso anónimo de escritura. • https://security.gradle.com https://security.gradle.com/advisory/2022-02 • CWE-276: Incorrect Default Permissions •
CVE-2022-27225
https://notcve.org/view.php?id=CVE-2022-27225
Gradle Enterprise before 2021.4.3 relies on cleartext data transmission in some situations. It uses Keycloak for identity management services. During the sign-in process, Keycloak sets browser cookies that effectively provide remember-me functionality. For backwards compatibility with older Safari versions, Keycloak sets a duplicate of the cookie without the Secure attribute, which allows the cookie to be sent when accessing the location that cookie is set for via HTTP. This creates the potential for an attacker (with the ability to impersonate the Gradle Enterprise host) to capture the login session of a user by having them click an http:// link to the server, despite the real server requiring HTTPS. • https://security.gradle.com/advisory/2022-03 • CWE-311: Missing Encryption of Sensitive Data •
CVE-2021-41589
https://notcve.org/view.php?id=CVE-2021-41589
In Gradle Enterprise before 2021.3 (and Enterprise Build Cache Node before 10.0), there is potential cache poisoning and remote code execution when running the build cache node with its default configuration. This configuration allows anonymous access to the configuration user interface and anonymous write access to the build cache. If access control to the build cache is not changed from the default open configuration, a malicious actor with network access can populate the cache with manipulated entries that may execute malicious code as part of a build process. This applies to the build cache provided with Gradle Enterprise and the separate build cache node service if used. If access control to the user interface is not changed from the default open configuration, a malicious actor can undo build cache access control in order to populate the cache with manipulated entries that may execute malicious code as part of a build process. • https://security.gradle.com https://security.gradle.com/advisory/2021-06 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2020-15773
https://notcve.org/view.php?id=CVE-2020-15773
An issue was discovered in Gradle Enterprise before 2020.2.4. Because of unrestricted cross-origin requests to read-only data in the Export API, an attacker can access data as a user (for the duration of the browser session) after previously explicitly authenticating with the API. Se detectó un problema en Gradle Enterprise versiones anteriores a 2020.2.4. Debido a unas peticiones de origen cruzado no restringidas para datos de solo lectura en la API Export, un atacante puede acceder a los datos como un usuario (durante la duración de la sesión del navegador) después de autenticarse previamente explícitamente con la API • https://github.com/gradle/gradle/security/advisories https://security.gradle.com/advisory/CVE-2020-15773 • CWE-346: Origin Validation Error •