Known Vulnerabilities for products from Gradle
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Gradle".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data), as well as a keyword search to ensure that the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-44387 | Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving... | 6.5 - MEDIUM | 2023-10-05 | 2023-11-10 |
| CVE-2023-42445 | Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradl... | 5.3 - MEDIUM | 2023-10-06 | 2023-11-10 |
| CVE-2023-35947 | Gradle is a build tool with a focus on build automation and support for multi-language development. In affected versions when... | 8.1 - HIGH | 2023-06-30 | 2023-08-03 |
| CVE-2023-35946 | Gradle is a build tool with a focus on build automation and support for multi-language development. When Gradle writes a depe... | 5.5 - MEDIUM | 2023-06-30 | 2023-07-31 |
| CVE-2023-30853 | Gradle Build Action allows users to execute a Gradle Build in their GitHub Actions workflow. A vulnerability impacts GitHub w... | 6.5 - MEDIUM | 2023-04-28 | 2023-05-10 |
| CVE-2023-26053 | Gradle is a build tool with a focus on build automation and support for multi-language development. This is a collision attac... | 9.8 - CRITICAL | 2023-03-02 | 2023-04-13 |
| CVE-2022-41575 | A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3 through 2022.3.3 allows remot... | 7.5 - HIGH | 2022-10-21 | 2022-10-24 |
| CVE-2022-41574 | An access-control vulnerability in Gradle Enterprise 2022.4 through 2022.3.1 allows remote attackers to prevent backups from ... | 7.5 - HIGH | 2022-10-07 | 2022-10-11 |
| CVE-2022-31156 | Gradle is a build tool. Dependency verification is a security feature in Gradle Build Tool that was introduced to allow valid... | 4.4 - MEDIUM | 2022-07-14 | 2023-07-24 |
| CVE-2022-30587 | Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to information disclosure. | 7.5 - HIGH | 2022-06-06 | 2023-08-08 |
| CVE-2022-30586 | Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to code execution. | 7.2 - HIGH | 2022-06-06 | 2023-08-08 |
| CVE-2022-27919 | Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not specify an initial configura... | 9.8 - CRITICAL | 2022-03-25 | 2023-08-08 |
| CVE-2022-27225 | Gradle Enterprise before 2021.4.3 relies on cleartext data transmission in some situations. It uses Keycloak for identity man... | 6.5 - MEDIUM | 2022-03-16 | 2022-03-22 |
| CVE-2022-25364 | In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access. If this ... | 8.1 - HIGH | 2022-03-17 | 2023-08-08 |
| CVE-2022-23630 | Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, Gradle may... | 7.5 - HIGH | 2022-02-10 | 2022-02-17 |
| CVE-2021-41619 | An issue was discovered in Gradle Enterprise before 2021.1.2. There is potential remote code execution via the application st... | 7.2 - HIGH | 2021-10-27 | 2021-11-03 |
| CVE-2021-41590 | In Gradle Enterprise through 2021.3, probing of the server-side network environment can occur via an SMTP configuration test.... | 5.3 - MEDIUM | 2021-10-27 | 2022-07-12 |
| CVE-2021-41589 | In Gradle Enterprise before 2021.3 (and Enterprise Build Cache Node before 10.0), there is potential cache poisoning and remo... | 9.8 - CRITICAL | 2021-10-27 | 2021-11-03 |
| CVE-2021-41588 | In Gradle Enterprise before 2021.1.3, a crafted request can trigger deserialization of arbitrary unsafe Java objects. The att... | 8.1 - HIGH | 2021-09-24 | 2021-10-01 |
| CVE-2021-41587 | In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially discover credentia... | 7.5 - HIGH | 2021-09-24 | 2021-09-30 |
Known software with vulnerabilities from Gradle
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Gradle | Enterprise | 2017.1 |
| Application | Gradle | Enterprise Cache Node | 1.0 |
| Application | Gradle | Enterprise Test Distribution Agent | 1.0 |
| Application | Gradle | Gradle | 0.1 |
| Application | Gradle | Maven | 1.0 |
| Application | Gradle | Plugin Publishing | - |
| Application | Gradle | Test Distribution | - |