gradle enterprise

33 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2023-49238
< 2023.1
In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation (in certain installation sc
9.8 CRITICAL
CVE-2022-41575
>= 2022.3 and < 2022.3.3
A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3 through 2022.3.3 allows remote att
7.5 HIGH
CVE-2022-41574
>= 2020.4 and < 2022.3.2
An access-control vulnerability in Gradle Enterprise 2022.4 through 2022.3.1 allows remote attackers to prevent backups from occur
7.5 HIGH
CVE-2022-27919
>= 2020.4 and <= 2021.4.3
Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not specify an initial configuration
9.8 CRITICAL
CVE-2022-25364
< 2021.4.2
In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access. If this was n
8.1 HIGH
CVE-2022-27225
>= 2020.1 and < 2021.4.3
Gradle Enterprise before 2021.4.3 relies on cleartext data transmission in some situations. It uses Keycloak for identity manageme
6.5 MEDIUM
CVE-2021-41619
>= 2020.4 and < 2021.1.2
An issue was discovered in Gradle Enterprise before 2021.1.2. There is potential remote code execution via the application startup
7.2 HIGH
CVE-2021-41590
>= 2020.4 and < 2021.3
In Gradle Enterprise through 2021.3, probing of the server-side network environment can occur via an SMTP configuration test. The
5.3 MEDIUM
CVE-2021-41589
< 2021.3
In Gradle Enterprise before 2021.3 (and Enterprise Build Cache Node before 10.0), there is potential cache poisoning and remote co
9.8 CRITICAL
CVE-2020-15773
< 2020.2.4
An issue was discovered in Gradle Enterprise before 2020.2.4. Because of unrestricted cross-origin requests to read-only data in t
6.5 MEDIUM
CVE-2020-15776
>= 2018.2 and <= 2020.2.4
An issue was discovered in Gradle Enterprise 2018.2 - 2020.2.4. The CSRF prevention token is stored in a request cookie that is no
8.8 HIGH
CVE-2020-15775
>= 2017.1 and <= 2020.2.4
An issue was discovered in Gradle Enterprise 2017.1 - 2020.2.4. The /usage page of Gradle Enterprise conveys high level build info
7.5 HIGH
CVE-2020-15774
>= 2018.5 and <= 2020.2.4
An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. An attacker with physical access to the browser of a user who has
6.8 MEDIUM
CVE-2020-15772
>= 2018.5 and <= 2020.2.4
An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. When configuring Gradle Enterprise to integrate with a SAML identi
4.9 MEDIUM
CVE-2020-15771
all versions
An issue was discovered in Gradle Enterprise 2018.2 and Gradle Enterprise Build Cache Node 4.1. Cross-site transmission of cookie
7.5 HIGH
CVE-2020-15770
all versions
An issue was discovered in Gradle Enterprise 2018.5. An attacker can potentially make repeated attempts to guess a local user's pa
5.5 MEDIUM
CVE-2020-15769
>= 2020.2 and <= 2020.2.4
An issue was discovered in Gradle Enterprise 2020.2 - 2020.2.4. An XSS issue exists via the request URL.
6.1 MEDIUM
CVE-2020-15768
>= 2017.3 and <= 2020.2.4
An issue was discovered in Gradle Enterprise 2017.3 - 2020.2.4 and Gradle Enterprise Build Cache Node 1.0 - 9.2. Unrestricted HTTP
7.5 HIGH
CVE-2020-15767
< 2020.2.5
An issue was discovered in Gradle Enterprise before 2020.2.5. The cookie used to convey the CSRF prevention token is not annotated
5.3 MEDIUM
CVE-2019-7274
<= 2.3.0a
Optergy Proton/Enterprise devices allow Authenticated File Upload with Code Execution as root.
9.8 CRITICAL
CVE-2019-7273
<= 2.3.0a
Optergy Proton/Enterprise devices allow Cross-Site Request Forgery (CSRF).
8.8 HIGH
CVE-2019-7272
<= 2.3.0a
Optergy Proton/Enterprise devices allow Username Disclosure.
5.3 MEDIUM
CVE-2019-7278
<= 2.3.0a
Optergy Proton/Enterprise devices have an Unauthenticated SMS Sending Service.
6.5 MEDIUM
CVE-2019-7277
<= 2.3.0a
Optergy Proton/Enterprise devices allow Unauthenticated Internal Network Information Disclosure.
5.3 MEDIUM
CVE-2019-7276
<= 2.3.0a
Optergy Proton/Enterprise devices allow Remote Root Code Execution via a Backdoor Console.
9.8 CRITICAL
CVE-2019-7275
<= 2.3.0a
Optergy Proton/Enterprise devices allow Open Redirect.
6.1 MEDIUM
CVE-2019-7279
<= 2.3.0a
Optergy Proton/Enterprise devices have Hard-coded Credentials.
7.3 HIGH
CVE-2019-11403
< 2018.5.2
In Gradle Enterprise before 2018.5.2, Build Cache Nodes would reflect the configured password back when viewing the HTML page sour
9.8 CRITICAL
CVE-2019-11402
< 2018.5.3
In Gradle Enterprise before 2018.5.3, Build Cache Nodes did not store the credentials at rest in an encrypted format.
9.8 CRITICAL
CVE-2008-7312
all versions
The Filtering Service in Websense Enterprise 5.2 through 6.3 does not consider the IP address during URL categorization, which mak
CVE-2006-5746
all versions
The console in AirMagnet Enterprise before 7.5 build 6307 does not properly validate the Enterprise Server certificate, which allo
CVE-2006-5742
all versions
The AirMagnet Enterprise console and Remote Sensor console (Laptop) in AirMagnet Enterprise before 7.5 build 6307 allows remote at
CVE-2006-5741
all versions
Multiple cross-site scripting (XSS) vulnerabilities in AirMagnet Enterprise before 7.5 build 6307 allow remote attackers to inject
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin