VYPR

Gradle Enterprise

by Gradle Enterprise

CVEs (2)

  • CVE-2022-41575HigOct 21, 2022
    risk 0.49cvss 7.5epss 0.01

    A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3 through 2022.3.3 allows remote attackers to access a subset of application data (e.g., cleartext credentials). This is fixed in 2022.3.3.

  • CVE-2021-41619HigOct 27, 2021
    risk 0.47cvss 7.2epss 0.03

    An issue was discovered in Gradle Enterprise before 2021.1.2. There is potential remote code execution via the application startup configuration. The installation configuration user interface (available to administrators) allows specifying arbitrary Java Virtual Machine startup…