CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-42445 – Possible local file exfiltration by XML External entity injection
https://notcve.org/view.php?id=CVE-2023-42445
06 Oct 2023 — Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), just parsing XML can lead to exfiltration of local text files to a remote server. Gradle parses XML files for several purposes. Most of the time, Gradle parses XML files it generated or were already present locally. • https://github.com/gradle/gradle/releases/tag/v7.6.3 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-44387 – Gradle has incorrect permission assignment for symlinked files used in copy or archiving operations
https://notcve.org/view.php?id=CVE-2023-44387
05 Oct 2023 — Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving symlinked files, Gradle resolves them but applies the permissions of the symlink itself instead of the permissions of the linked file to the resulting file. This leads to files having too much permissions given that symlinks usually are world readable and writeable. While it is unlikely this results in a direct vulnerability for the impacted build, it may open up attack vectors depen... • https://github.com/gradle/gradle/commit/3b406191e24d69e7e42dc3f3b5cc50625aa930b7 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39152
https://notcve.org/view.php?id=CVE-2023-39152
26 Jul 2023 — Always-incorrect control flow implementation in Jenkins Gradle Plugin 2.8 may result in credentials not being masked (i.e., replaced with asterisks) in the build log in some circumstances. • http://www.openwall.com/lists/oss-security/2023/07/26/2 • CWE-670: Always-Incorrect Control Flow Implementation •
CVSS: 6.9EPSS: 0%CPEs: 2EXPL: 0CVE-2023-35946 – Dependency cache path traversal in Gradle
https://notcve.org/view.php?id=CVE-2023-35946
30 Jun 2023 — Gradle is a build tool with a focus on build automation and support for multi-language development. When Gradle writes a dependency into its dependency cache, it uses the dependency's coordinates to compute a file location. With specially crafted dependency coordinates, Gradle can be made to write files into an unintended location. The file may be written outside the dependency cache or over another file in the dependency cache. This vulnerability could be used to poison the dependency cache or overwrite im... • https://docs.gradle.org/current/userguide/dependency_verification.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2023-35947 – Path traversal vulnerabilities in handling of Tar archives in Gradle
https://notcve.org/view.php?id=CVE-2023-35947
30 Jun 2023 — Gradle is a build tool with a focus on build automation and support for multi-language development. In affected versions when unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the Gradle process has write permissions. For a build reading Tar entries from a Tar archive, this issue could allow Gradle to disclose information from sensitive files through an arbitrary file read. To exploit this be... • https://github.com/gradle/gradle/commit/1096b309520a8c315e3b6109a6526de4eabcb879 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 3CVE-2021-32751 – Arbitrary code execution via specially crafted environment variables
https://notcve.org/view.php?id=CVE-2021-32751
20 Jul 2021 — Gradle is a build tool with a focus on build automation. In versions prior to 7.2, start scripts generated by the `application` plugin and the `gradlew` script are both vulnerable to arbitrary code execution when an attacker is able to change environment variables for the user running the script. This may impact those who use `gradlew` on Unix-like systems or use the scripts generated by Gradle in thieir application on Unix-like systems. For this vulnerability to be exploitable, an attacker needs to be able... • https://github.com/gradle/gradle/security/advisories/GHSA-6j2p-252f-7mw8 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2021-29428 – Local privilege escalation through system temporary directory
https://notcve.org/view.php?id=CVE-2021-29428
13 Apr 2021 — In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreating files in the system temporary directory. This vulnerability impacted builds using precompiled script plugins written in Kotlin DSL and tests for Gradle plugins written using ProjectBuilder or TestKit. If you are o... • https://docs.gradle.org/7.0/release-notes.html#security-advisories • CWE-276: Incorrect Default Permissions CWE-378: Creation of Temporary File With Insecure Permissions CWE-379: Creation of Temporary File in Directory with Insecure Permissions •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2021-29429 – Information disclosure through temporary directory permissions
https://notcve.org/view.php?id=CVE-2021-29429
12 Apr 2021 — In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. Some builds could be vulnerable to a local information disclosure. Remote files accessed through TextResourceFactory are downloaded into the system temporary directory first. Sensitive information contained in these files can be exposed to other local users on the same system. If you do not use the `TextResourceFactory` API, you are not vulnera... • https://docs.gradle.org/7.0/release-notes.html#security-advisories • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-377: Insecure Temporary File •
CVSS: 7.5EPSS: 0%CPEs: 71EXPL: 0CVE-2020-11979 – ant: insecure temporary file
https://notcve.org/view.php?id=CVE-2020-11979
01 Oct 2020 — As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process. Como mitigación para CVE-2020-1945, Apache Ant versión 1.10.8, cambió los permisos de los archivos temporales que creó ... • https://github.com/gradle/gradle/security/advisories/GHSA-j45w-qrgf-25vm • CWE-377: Insecure Temporary File CWE-379: Creation of Temporary File in Directory with Insecure Permissions •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 1CVE-2019-16370
https://notcve.org/view.php?id=CVE-2019-16370
16 Sep 2019 — The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900. El plugin PGP signing en Gradle versiones anteriores a 6.0, se basa en el algoritmo SHA-1, lo que podría permitir a un atacante reemplazar un artefacto por otro diferente que tenga el mismo resumen de mensaje SHA-1, un problema relacionado con el CVE-2005-4900. • https://github.com/gradle/gradle/commit/425b2b7a50cd84106a77cdf1ab665c89c6b14d2f • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •