CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-42445 – Possible local file exfiltration by XML External entity injection
https://notcve.org/view.php?id=CVE-2023-42445
06 Oct 2023 — Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), just parsing XML can lead to exfiltration of local text files to a remote server. Gradle parses XML files for several purposes. Most of the time, Gradle parses XML files it generated or were already present locally. • https://github.com/gradle/gradle/releases/tag/v7.6.3 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-44387 – Gradle has incorrect permission assignment for symlinked files used in copy or archiving operations
https://notcve.org/view.php?id=CVE-2023-44387
05 Oct 2023 — Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving symlinked files, Gradle resolves them but applies the permissions of the symlink itself instead of the permissions of the linked file to the resulting file. This leads to files having too much permissions given that symlinks usually are world readable and writeable. While it is unlikely this results in a direct vulnerability for the impacted build, it may open up attack vectors depen... • https://github.com/gradle/gradle/commit/3b406191e24d69e7e42dc3f3b5cc50625aa930b7 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.9EPSS: 0%CPEs: 2EXPL: 0CVE-2023-35946 – Dependency cache path traversal in Gradle
https://notcve.org/view.php?id=CVE-2023-35946
30 Jun 2023 — Gradle is a build tool with a focus on build automation and support for multi-language development. When Gradle writes a dependency into its dependency cache, it uses the dependency's coordinates to compute a file location. With specially crafted dependency coordinates, Gradle can be made to write files into an unintended location. The file may be written outside the dependency cache or over another file in the dependency cache. This vulnerability could be used to poison the dependency cache or overwrite im... • https://docs.gradle.org/current/userguide/dependency_verification.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2023-35947 – Path traversal vulnerabilities in handling of Tar archives in Gradle
https://notcve.org/view.php?id=CVE-2023-35947
30 Jun 2023 — Gradle is a build tool with a focus on build automation and support for multi-language development. In affected versions when unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the Gradle process has write permissions. For a build reading Tar entries from a Tar archive, this issue could allow Gradle to disclose information from sensitive files through an arbitrary file read. To exploit this be... • https://github.com/gradle/gradle/commit/1096b309520a8c315e3b6109a6526de4eabcb879 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-26053 – Gradle usage of long IDs for PGP keys opens potential for collision attacks
https://notcve.org/view.php?id=CVE-2023-26053
02 Mar 2023 — Gradle is a build tool with a focus on build automation and support for multi-language development. This is a collision attack on long IDs (64bits) for PGP keys. Users of dependency verification in Gradle are vulnerable if they use long IDs for PGP keys in a `trusted-key` or `pgp` element in their dependency verification metadata file. The fix is to fail dependency verification if anything but a fingerprint is used in a trust element in dependency verification metadata. The problem is fixed in Gradle 8.0 an... • https://github.com/gradle/gradle/commit/bf3cc0f2b463033037e67aaacda31291643ea1a9 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 0CVE-2022-31156 – Gradle's dependency verification can ignore checksum verification when signature verification cannot be performed
https://notcve.org/view.php?id=CVE-2022-31156
14 Jul 2022 — Gradle is a build tool. Dependency verification is a security feature in Gradle Build Tool that was introduced to allow validation of external dependencies either through their checksum or cryptographic signatures. In versions 6.2 through 7.4.2, there are some cases in which Gradle may skip that verification and accept a dependency that would otherwise fail the build as an untrusted external artifact. This can occur in two ways. When signature verification is disabled but the verification metadata contains ... • https://docs.gradle.org/7.5/release-notes.html • CWE-347: Improper Verification of Cryptographic Signature CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-23630 – Dependency verification bypass in Gradle
https://notcve.org/view.php?id=CVE-2022-23630
10 Feb 2022 — Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, Gradle may skip that verification and accept a dependency that would otherwise fail the build as an untrusted external artifact. This occurs when dependency verification is disabled on one or more configurations and those configurations have common dependencies with other configurations that have dependency verification enabled. If the configuration that has dependency verification disabled is ... • https://docs.gradle.org/7.4/release-notes.html • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 3CVE-2021-32751 – Arbitrary code execution via specially crafted environment variables
https://notcve.org/view.php?id=CVE-2021-32751
20 Jul 2021 — Gradle is a build tool with a focus on build automation. In versions prior to 7.2, start scripts generated by the `application` plugin and the `gradlew` script are both vulnerable to arbitrary code execution when an attacker is able to change environment variables for the user running the script. This may impact those who use `gradlew` on Unix-like systems or use the scripts generated by Gradle in thieir application on Unix-like systems. For this vulnerability to be exploitable, an attacker needs to be able... • https://github.com/gradle/gradle/security/advisories/GHSA-6j2p-252f-7mw8 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 1CVE-2021-29427 – Repository content filters do not work in Settings pluginManagement
https://notcve.org/view.php?id=CVE-2021-29427
13 Apr 2021 — In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. Repository content filtering is a security control Gradle introduced to help users specify what repositories are used to resolve specific dependencies. This feature was introduced in the wake of the "A Confusing Dependency" blog post. In some cases, Gradle may ignore content filters and search all repositories for dependencies. This only occurs when repository cont... • https://docs.gradle.org/7.0/release-notes.html#security-advisories • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2021-29428 – Local privilege escalation through system temporary directory
https://notcve.org/view.php?id=CVE-2021-29428
13 Apr 2021 — In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreating files in the system temporary directory. This vulnerability impacted builds using precompiled script plugins written in Kotlin DSL and tests for Gradle plugins written using ProjectBuilder or TestKit. If you are o... • https://docs.gradle.org/7.0/release-notes.html#security-advisories • CWE-276: Incorrect Default Permissions CWE-378: Creation of Temporary File With Insecure Permissions CWE-379: Creation of Temporary File in Directory with Insecure Permissions •