Skip to main content

Enterprise

29 CVEs product

Monthly

CVE-2023-49238 CRITICAL Act Now

In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation (in certain installation scenarios) because of a non-unique initial system user password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Brute Force Information Disclosure Enterprise
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-41575 HIGH This Week

A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3 through 2022.3.3 allows remote attackers to access a subset of application data (e.g., cleartext. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Enterprise
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-41574 HIGH This Week

An access-control vulnerability in Gradle Enterprise 2022.4 through 2022.3.1 allows remote attackers to prevent backups from occurring, and send emails with arbitrary text content to the configured. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Enterprise
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-27919 CRITICAL Act Now

Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not specify an initial configuration file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation RCE Enterprise
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-25364 HIGH This Week

In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation Enterprise
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2022-27225 MEDIUM This Month

Gradle Enterprise before 2021.4.3 relies on cleartext data transmission in some situations. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Enterprise
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-41619 HIGH This Week

An issue was discovered in Gradle Enterprise before 2021.1.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Java Enterprise
NVD
CVSS 3.1
7.2
EPSS
2.6%
CVE-2021-41590 MEDIUM This Month

In Gradle Enterprise through 2021.3, probing of the server-side network environment can occur via an SMTP configuration test. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Enterprise
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-41589 CRITICAL Act Now

In Gradle Enterprise before 2021.3 (and Enterprise Build Cache Node before 10.0), there is potential cache poisoning and remote code execution when running the build cache node with its default. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Build Cache Node Enterprise
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-15773 MEDIUM This Month

An issue was discovered in Gradle Enterprise before 2020.2.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Enterprise
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-15776 HIGH This Week

An issue was discovered in Gradle Enterprise 2018.2 - 2020.2.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE CSRF Enterprise
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-15775 HIGH This Week

An issue was discovered in Gradle Enterprise 2017.1 - 2020.2.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Enterprise
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-15774 MEDIUM This Month

An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Enterprise
NVD GitHub
CVSS 3.1
6.8
EPSS
0.3%
CVE-2020-15772 MEDIUM This Month

An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF XXE Enterprise
NVD GitHub
CVSS 3.1
4.9
EPSS
1.2%
CVE-2020-15771 HIGH This Week

An issue was discovered in Gradle Enterprise 2018.2 and Gradle Enterprise Build Cache Node 4.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Enterprise Enterprise Cache Node
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-15770 MEDIUM This Month

An issue was discovered in Gradle Enterprise 2018.5. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Enterprise
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-15769 MEDIUM This Month

An issue was discovered in Gradle Enterprise 2020.2 - 2020.2.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Enterprise
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-15768 HIGH This Week

An issue was discovered in Gradle Enterprise 2017.3 - 2020.2.4 and Gradle Enterprise Build Cache Node 1.0 - 9.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Enterprise Enterprise Cache Node
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-15767 MEDIUM This Month

An issue was discovered in Gradle Enterprise before 2020.2.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

CSRF Enterprise
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2019-7274 CRITICAL POC THREAT Act Now

Optergy Proton/Enterprise devices allow Authenticated File Upload with Code Execution as root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Enterprise Proton
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
29.0%
CVE-2019-7273 HIGH POC This Week

Optergy Proton/Enterprise devices allow Cross-Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Enterprise Proton
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
4.5%
CVE-2019-7272 MEDIUM POC THREAT This Month

Optergy Proton/Enterprise devices allow Username Disclosure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Enterprise Proton
NVD Exploit-DB
CVSS 3.1
5.3
EPSS
10.5%
CVE-2019-7278 MEDIUM This Month

Optergy Proton/Enterprise devices have an Unauthenticated SMS Sending Service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Enterprise Proton
NVD
CVSS 3.0
6.5
EPSS
1.5%
CVE-2019-7277 MEDIUM This Month

Optergy Proton/Enterprise devices allow Unauthenticated Internal Network Information Disclosure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Enterprise Proton
NVD
CVSS 3.0
5.3
EPSS
1.9%
CVE-2019-7276 CRITICAL POC THREAT Emergency

Optergy Proton/Enterprise devices allow Remote Root Code Execution via a Backdoor Console. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Enterprise Proton
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
93.4%
CVE-2019-7275 MEDIUM POC This Month

Optergy Proton/Enterprise devices allow Open Redirect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Enterprise Proton
NVD
CVSS 3.1
6.1
EPSS
9.1%
CVE-2019-7279 HIGH This Week

Optergy Proton/Enterprise devices have Hard-coded Credentials. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Enterprise Proton
NVD
CVSS 3.0
7.3
EPSS
1.8%
CVE-2019-11403 CRITICAL Act Now

In Gradle Enterprise before 2018.5.2, Build Cache Nodes would reflect the configured password back when viewing the HTML page source of the settings page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Build Cache Node Enterprise
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2019-11402 CRITICAL Act Now

In Gradle Enterprise before 2018.5.3, Build Cache Nodes did not store the credentials at rest in an encrypted format. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Enterprise
NVD
CVSS 3.1
9.8
EPSS
1.3%
EPSS 1% CVSS 9.8
CRITICAL Act Now

In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation (in certain installation scenarios) because of a non-unique initial system user password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Brute Force Information Disclosure Enterprise
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3 through 2022.3.3 allows remote attackers to access a subset of application data (e.g., cleartext. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Enterprise
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An access-control vulnerability in Gradle Enterprise 2022.4 through 2022.3.1 allows remote attackers to prevent backups from occurring, and send emails with arbitrary text content to the configured. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Enterprise
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not specify an initial configuration file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation RCE Enterprise
NVD
EPSS 1% CVSS 8.1
HIGH This Week

In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation Enterprise
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Gradle Enterprise before 2021.4.3 relies on cleartext data transmission in some situations. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Enterprise
NVD
EPSS 3% CVSS 7.2
HIGH This Week

An issue was discovered in Gradle Enterprise before 2021.1.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Java +1
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

In Gradle Enterprise through 2021.3, probing of the server-side network environment can occur via an SMTP configuration test. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Enterprise
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

In Gradle Enterprise before 2021.3 (and Enterprise Build Cache Node before 10.0), there is potential cache poisoning and remote code execution when running the build cache node with its default. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Build Cache Node Enterprise
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An issue was discovered in Gradle Enterprise before 2020.2.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Enterprise
NVD GitHub
EPSS 2% CVSS 8.8
HIGH This Week

An issue was discovered in Gradle Enterprise 2018.2 - 2020.2.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE CSRF Enterprise
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

An issue was discovered in Gradle Enterprise 2017.1 - 2020.2.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Enterprise
NVD GitHub
EPSS 0% CVSS 6.8
MEDIUM This Month

An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Enterprise
NVD GitHub
EPSS 1% CVSS 4.9
MEDIUM This Month

An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF XXE Enterprise
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

An issue was discovered in Gradle Enterprise 2018.2 and Gradle Enterprise Build Cache Node 4.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Enterprise Enterprise Cache Node
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

An issue was discovered in Gradle Enterprise 2018.5. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Enterprise
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM This Month

An issue was discovered in Gradle Enterprise 2020.2 - 2020.2.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Enterprise
NVD GitHub
EPSS 2% CVSS 7.5
HIGH This Week

An issue was discovered in Gradle Enterprise 2017.3 - 2020.2.4 and Gradle Enterprise Build Cache Node 1.0 - 9.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Enterprise Enterprise Cache Node
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM This Month

An issue was discovered in Gradle Enterprise before 2020.2.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

CSRF Enterprise
NVD GitHub
EPSS 29% CVSS 9.8
CRITICAL POC THREAT Act Now

Optergy Proton/Enterprise devices allow Authenticated File Upload with Code Execution as root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Enterprise +1
NVD Exploit-DB
EPSS 4% CVSS 8.8
HIGH POC This Week

Optergy Proton/Enterprise devices allow Cross-Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Enterprise Proton
NVD Exploit-DB
EPSS 10% CVSS 5.3
MEDIUM POC THREAT This Month

Optergy Proton/Enterprise devices allow Username Disclosure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Enterprise Proton
NVD Exploit-DB
EPSS 2% CVSS 6.5
MEDIUM This Month

Optergy Proton/Enterprise devices have an Unauthenticated SMS Sending Service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Enterprise Proton
NVD
EPSS 2% CVSS 5.3
MEDIUM This Month

Optergy Proton/Enterprise devices allow Unauthenticated Internal Network Information Disclosure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Enterprise Proton
NVD
EPSS 93% CVSS 9.8
CRITICAL POC THREAT Emergency

Optergy Proton/Enterprise devices allow Remote Root Code Execution via a Backdoor Console. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Enterprise Proton
NVD Exploit-DB
EPSS 9% CVSS 6.1
MEDIUM POC This Month

Optergy Proton/Enterprise devices allow Open Redirect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Enterprise Proton
NVD
EPSS 2% CVSS 7.3
HIGH This Week

Optergy Proton/Enterprise devices have Hard-coded Credentials. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Enterprise Proton
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

In Gradle Enterprise before 2018.5.2, Build Cache Nodes would reflect the configured password back when viewing the HTML page source of the settings page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Build Cache Node Enterprise
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

In Gradle Enterprise before 2018.5.3, Build Cache Nodes did not store the credentials at rest in an encrypted format. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Enterprise
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy