Known Vulnerabilities for products from Gradle
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Gradle".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-23630 | Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, Gradle may... | 7.5 - HIGH | 2022-02-10 | 2022-02-17 |
| CVE-2021-41619 | An issue was discovered in Gradle Enterprise before 2021.1.2. There is potential remote code execution via the application st... | 7.2 - HIGH | 2021-10-27 | 2021-11-03 |
| CVE-2021-41590 | In Gradle Enterprise through 2021.3, probing of the server-side network environment can occur via an SMTP configuration test.... | 5.3 - MEDIUM | 2021-10-27 | 2022-07-12 |
| CVE-2021-41589 | In Gradle Enterprise before 2021.3 (and Enterprise Build Cache Node before 10.0), there is potential cache poisoning and remo... | 9.8 - CRITICAL | 2021-10-27 | 2021-11-03 |
| CVE-2021-41588 | In Gradle Enterprise before 2021.1.3, a crafted request can trigger deserialization of arbitrary unsafe Java objects. The att... | 8.1 - HIGH | 2021-09-24 | 2021-10-01 |
| CVE-2021-41587 | In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially discover credentia... | 7.5 - HIGH | 2021-09-24 | 2021-09-30 |
| CVE-2021-41586 | In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially reset the system u... | 7.5 - HIGH | 2021-09-24 | 2021-09-30 |
| CVE-2021-41584 | Gradle Enterprise before 2021.1.3 can allow unauthorized viewing of a response (information disclosure of possibly sensitive ... | 7.5 - HIGH | 2021-09-24 | 2022-06-28 |
| CVE-2021-32751 | Gradle is a build tool with a focus on build automation. In versions prior to 7.2, start scripts generated by the `applicatio... | 7.5 - HIGH | 2021-07-20 | 2021-07-30 |
| CVE-2021-29429 | In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to ... | 5.5 - MEDIUM | 2021-04-12 | 2021-10-20 |
| CVE-2021-29428 | In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that ... | 7.8 - HIGH | 2021-04-13 | 2021-10-20 |
| CVE-2021-29427 | In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or de... | 7.2 - HIGH | 2021-04-13 | 2021-10-20 |
| CVE-2021-26719 | A directory traversal issue was discovered in Gradle gradle-enterprise-test-distribution-agent before 1.3.2, test-distributio... | 6.5 - MEDIUM | 2021-02-09 | 2021-02-12 |
| CVE-2020-15777 | An issue was discovered in the Maven Extension plugin before 1.6 for Gradle Enterprise. The extension uses a socket connectio... | 7.8 - HIGH | 2020-08-25 | 2023-05-16 |
| CVE-2020-15776 | An issue was discovered in Gradle Enterprise 2018.2 - 2020.2.4. The CSRF prevention token is stored in a request cookie that ... | 8.8 - HIGH | 2020-09-18 | 2022-09-30 |
| CVE-2020-15775 | An issue was discovered in Gradle Enterprise 2017.1 - 2020.2.4. The /usage page of Gradle Enterprise conveys high level build... | 7.5 - HIGH | 2020-09-18 | 2022-09-30 |
| CVE-2020-15774 | An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. An attacker with physical access to the browser of a user who... | 6.8 - MEDIUM | 2020-09-18 | 2022-09-30 |
| CVE-2020-15773 | An issue was discovered in Gradle Enterprise before 2020.2.4. Because of unrestricted cross-origin requests to read-only data... | 6.5 - MEDIUM | 2020-09-18 | 2020-09-25 |
| CVE-2020-15772 | An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. When configuring Gradle Enterprise to integrate with a SAML i... | 4.9 - MEDIUM | 2020-09-18 | 2022-09-30 |
| CVE-2020-15771 | An issue was discovered in Gradle Enterprise 2018.2 and Gradle Enterprise Build Cache Node 4.1. Cross-site transmission of co... | 7.5 - HIGH | 2020-09-18 | 2021-12-21 |
Known software with vulnerabilities from Gradle
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Gradle | Enterprise | 2017.1 |
| Application | Gradle | Enterprise Cache Node | 1.0 |
| Application | Gradle | Enterprise Test Distribution Agent | 1.0 |
| Application | Gradle | Gradle | 0.1 |
| Application | Gradle | Maven | 1.0 |
| Application | Gradle | Plugin Publishing | - |
| Application | Gradle | Test Distribution | - |