Every CVE whose affected-product data names Gradle Enterprise, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (21)
CVE-2019-11402 — CVSS 9.8 (critical): In Gradle Enterprise before 2018.5.3, Build Cache Nodes did not store the credentials at rest in an encrypted format.
CVE-2019-11403 — CVSS 9.8 (critical): In Gradle Enterprise before 2018.5.2, Build Cache Nodes would reflect the configured password back when viewing the HTML page source of the…
CVE-2021-41589 — CVSS 9.8 (critical): In Gradle Enterprise before 2021.3 (and Enterprise Build Cache Node before 10.0), there is potential cache poisoning and remote code…
CVE-2022-27919 — CVSS 9.8 (critical): Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not specify an initial configuration file. The…
CVE-2023-49238 — CVSS 9.8 (critical): In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation (in certain installation scenarios)…
CVE-2020-15776 — CVSS 8.8 (high): An issue was discovered in Gradle Enterprise 2018.2 - 2020.2.4. The CSRF prevention token is stored in a request cookie that is not…
CVE-2022-25364 — CVSS 8.1 (high): In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access. If this was not…
CVE-2022-41575 — CVSS 7.5 (high): A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3 through 2022.3.3 allows remote attackers to…
CVE-2020-15771 — CVSS 7.5 (high): An issue was discovered in Gradle Enterprise 2018.2 and Gradle Enterprise Build Cache Node 4.1. Cross-site transmission of cookie…
CVE-2020-15775 — CVSS 7.5 (high): An issue was discovered in Gradle Enterprise 2017.1 - 2020.2.4. The /usage page of Gradle Enterprise conveys high level build information…
CVE-2022-41574 — CVSS 7.5 (high): An access-control vulnerability in Gradle Enterprise 2022.4 through 2022.3.1 allows remote attackers to prevent backups from occurring, and…
CVE-2020-15768 — CVSS 7.5 (high): An issue was discovered in Gradle Enterprise 2017.3 - 2020.2.4 and Gradle Enterprise Build Cache Node 1.0 - 9.2. Unrestricted HTTP header…
CVE-2021-41619 — CVSS 7.2 (high): An issue was discovered in Gradle Enterprise before 2021.1.2. There is potential remote code execution via the application startup…
CVE-2020-15774 — CVSS 6.8 (medium): An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. An attacker with physical access to the browser of a user who has recently…
CVE-2022-27225 — CVSS 6.5 (medium): Gradle Enterprise before 2021.4.3 relies on cleartext data transmission in some situations. It uses Keycloak for identity management…
CVE-2020-15773 — CVSS 6.5 (medium): An issue was discovered in Gradle Enterprise before 2020.2.4. Because of unrestricted cross-origin requests to read-only data in the Export…
CVE-2020-15769 — CVSS 6.1 (medium): An issue was discovered in Gradle Enterprise 2020.2 - 2020.2.4. An XSS issue exists via the request URL.
CVE-2020-15770 — CVSS 5.5 (medium): An issue was discovered in Gradle Enterprise 2018.5. An attacker can potentially make repeated attempts to guess a local user's password…
CVE-2020-15767 — CVSS 5.3 (medium): An issue was discovered in Gradle Enterprise before 2020.2.5. The cookie used to convey the CSRF prevention token is not annotated with the…
CVE-2021-41590 — CVSS 5.3 (medium): In Gradle Enterprise through 2021.3, probing of the server-side network environment can occur via an SMTP configuration test. The…
CVE-2020-15772 — CVSS 4.9 (medium): An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. When configuring Gradle Enterprise to integrate with a SAML identity…