A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3 through 2022.3.3 allows remote attackers to access a subset of application data (e.g., cleartext credentials). This is fixed in 2022.3.3.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NGradle Enterprise
APPGradle2022.3 – 2022.3.3 (bez)
Related vulnerabilities
Gradle Enterprise — domyślne nieunikalnie hasło użytkownika systemowego umożliwia przejęcie konta
Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not specify an in...
In Gradle Enterprise before 2021.3 (and Enterprise Build Cache Node before 10.0), there is potential cache poi...
In Gradle Enterprise before 2018.5.3, Build Cache Nodes did not store the credentials at rest in an encrypted ...
In Gradle Enterprise before 2018.5.2, Build Cache Nodes would reflect the configured password back when viewin...