Gradle Enterprise

23 CVEs affecting Gradle Enterprise. Latest disclosed: 2025-01-26. Critical: 5, High: 9.

Top CVEs affecting Gradle Enterprise
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-49238 | Critical | 9.8 | 2024-01-09 | In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation (in certain installation scenarios) because of a non-uni… |
| CVE-2022-27919 | Critical | 9.8 | 2022-03-25 | Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not specify an initial configuration file. The configuration allow… |
| CVE-2021-41589 | Critical | 9.8 | 2021-10-27 | In Gradle Enterprise before 2021.3 (and Enterprise Build Cache Node before 10.0), there is potential cache poisoning and remote code execution when running the… |
| CVE-2019-11403 | Critical | 9.8 | 2019-04-22 | In Gradle Enterprise before 2018.5.2, Build Cache Nodes would reflect the configured password back when viewing the HTML page source of the settings page. |
| CVE-2019-11402 | Critical | 9.8 | 2019-04-22 | In Gradle Enterprise before 2018.5.3, Build Cache Nodes did not store the credentials at rest in an encrypted format. |
| CVE-2020-15776 | High | 8.8 | 2020-09-18 | An issue was discovered in Gradle Enterprise 2018.2 - 2020.2.4. The CSRF prevention token is stored in a request cookie that is not annotated as HttpOnly. An a… |
| CVE-2022-25364 | High | 8.1 | 2022-03-17 | In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access. If this was not manually changed, a malici… |
| CVE-2022-41575 | High | 7.5 | 2022-10-21 | A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3 through 2022.3.3 allows remote attackers to access a subset of… |
| CVE-2022-41574 | High | 7.5 | 2022-10-07 | An access-control vulnerability in Gradle Enterprise 2022.4 through 2022.3.1 allows remote attackers to prevent backups from occurring, and send emails with ar… |
| CVE-2020-15775 | High | 7.5 | 2020-09-18 | An issue was discovered in Gradle Enterprise 2017.1 - 2020.2.4. The /usage page of Gradle Enterprise conveys high level build information such as project names… |
| CVE-2020-15771 | High | 7.5 | 2020-09-18 | An issue was discovered in Gradle Enterprise 2018.2 and Gradle Enterprise Build Cache Node 4.1. Cross-site transmission of cookie containing CSRF token allows… |
| CVE-2020-15768 | High | 7.5 | 2020-09-18 | An issue was discovered in Gradle Enterprise 2017.3 - 2020.2.4 and Gradle Enterprise Build Cache Node 1.0 - 9.2. Unrestricted HTTP header reflection in Gradle… |
| CVE-2021-41619 | High | 7.2 | 2021-10-27 | An issue was discovered in Gradle Enterprise before 2021.1.2. There is potential remote code execution via the application startup configuration. The installat… |
| CVE-2024-46881 | High | 7.1 | 2025-01-26 | Develocity (formerly Gradle Enterprise) before 2024.1.8 has Incorrect Access Control. Project-level access control configuration was introduced in Enterprise C… |
| CVE-2020-15774 | Medium | 6.8 | 2020-09-18 | An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. An attacker with physical access to the browser of a user who has recently logged in to Gradle… |
| CVE-2022-27225 | Medium | 6.5 | 2022-03-16 | Gradle Enterprise before 2021.4.3 relies on cleartext data transmission in some situations. It uses Keycloak for identity management services. During the sign-… |
| CVE-2020-15773 | Medium | 6.5 | 2020-09-18 | An issue was discovered in Gradle Enterprise before 2020.2.4. Because of unrestricted cross-origin requests to read-only data in the Export API, an attacker ca… |
| CVE-2020-15769 | Medium | 6.1 | 2020-09-18 | An issue was discovered in Gradle Enterprise 2020.2 - 2020.2.4. An XSS issue exists via the request URL. |
| CVE-2020-15770 | Medium | 5.5 | 2020-09-18 | An issue was discovered in Gradle Enterprise 2018.5. An attacker can potentially make repeated attempts to guess a local user's password, due to lack of lock-o… |
| CVE-2021-41590 | Medium | 5.3 | 2021-10-27 | In Gradle Enterprise through 2021.3, probing of the server-side network environment can occur via an SMTP configuration test. The installation configuration us… |