CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2022-27919

CVSS 9.8v3.1pub. 2022-03-25upd. 2024-11-21

Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not specify an initial configuration file. The configuration allows certain anonymous access to administration and an API.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Gradle Enterprise

    APP
    Gradle
    2020.4 – 2021.4.3
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2023-49238CRITICAL9.8PL ✓ten sam produkt

Gradle Enterprise — domyślne nieunikalnie hasło użytkownika systemowego umożliwia przejęcie konta

CVE-2021-41589CRITICAL9.8ten sam produkt

In Gradle Enterprise before 2021.3 (and Enterprise Build Cache Node before 10.0), there is potential cache poi...

CVE-2019-11402CRITICAL9.8ten sam produkt

In Gradle Enterprise before 2018.5.3, Build Cache Nodes did not store the credentials at rest in an encrypted ...

CVE-2019-11403CRITICAL9.8ten sam produkt

In Gradle Enterprise before 2018.5.2, Build Cache Nodes would reflect the configured password back when viewin...

CVE-2022-41575HIGH7.5ten sam produkt

A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3 through 2022.3...