3 results (0.003 seconds)

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

09 Jan 2024 — In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation (in certain installation scenarios) because of a non-unique initial system user password. Although this password must be changed upon the first login, it is possible that an attacker logs in before the legitimate administrator logs in. En Gradle Enterprise anterior a 2023.1, un atacante remoto podría obtener acceso a una nueva instalación (en ciertos escenarios de instalación) debido a una contraseña de us... • https://security.gradle.com • CWE-521: Weak Password Requirements •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

21 Oct 2022 — A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3 through 2022.3.3 allows remote attackers to access a subset of application data (e.g., cleartext credentials). This is fixed in 2022.3.3. Una vulnerabilidad de exposición de credenciales en el mecanismo de support-bundle en Gradle Enterprise versiones 2022.3 hasta 2022.3.3, permite a atacantes remotos acceder a un subconjunto de datos de la aplicación (por ejemplo, credenciales en texto sin cifrar). Esto ha sido ... • https://security.gradle.com • CWE-522: Insufficiently Protected Credentials •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

07 Oct 2022 — An access-control vulnerability in Gradle Enterprise 2022.4 through 2022.3.1 allows remote attackers to prevent backups from occurring, and send emails with arbitrary text content to the configured installation-administrator contact address, via HTTP access to an accidentally exposed internal endpoint. This is fixed in 2022.3.2. Una vulnerabilidad de control de acceso en Gradle Enterprise versiones 2022.4 hasta 2022.3.1 permite a atacantes remotos evitar que sean realizadas copias de seguridad y enviar corr... • https://security.gradle.com • CWE-863: Incorrect Authorization •