Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not specify an initial configuration file. The configuration allows certain anonymous access to administration and an API.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HGradle Enterprise
APPGradle2020.4 – 2021.4.3
Related vulnerabilities
Gradle Enterprise — domyślne nieunikalnie hasło użytkownika systemowego umożliwia przejęcie konta
In Gradle Enterprise before 2021.3 (and Enterprise Build Cache Node before 10.0), there is potential cache poi...
In Gradle Enterprise before 2018.5.3, Build Cache Nodes did not store the credentials at rest in an encrypted ...
In Gradle Enterprise before 2018.5.2, Build Cache Nodes would reflect the configured password back when viewin...
A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3 through 2022.3...