rpm package
opensuse/gradle-bootstrap&distro=openSUSE Leap 15.5
pkg:rpm/opensuse/gradle-bootstrap&distro=openSUSE%20Leap%2015.5
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-29429 | — | < 4.4.1-150200.3.9.1 | 4.4.1-150200.3.9.1 | Apr 12, 2021 | In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. Some builds could be vulnerable to a local information disclosure. Remote files accessed through TextResourceFacto | ||
| CVE-2019-15052 | — | < 4.4.1-150200.3.9.1 | 4.4.1-150200.3.9.1 | Aug 14, 2019 | The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for the configured host. If that host returns a 30x redirect, Gradle also sends those credentials to all subsequent hosts that the request redirects to. This is similar to CVE-2018-1000007. |
- CVE-2021-29429Apr 12, 2021affected < 4.4.1-150200.3.9.1fixed 4.4.1-150200.3.9.1
In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. Some builds could be vulnerable to a local information disclosure. Remote files accessed through TextResourceFacto
- CVE-2019-15052Aug 14, 2019affected < 4.4.1-150200.3.9.1fixed 4.4.1-150200.3.9.1
The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for the configured host. If that host returns a 30x redirect, Gradle also sends those credentials to all subsequent hosts that the request redirects to. This is similar to CVE-2018-1000007.