VYPR

Develocity

by Gradle

CVEs (2)

  • CVE-2025-24858HigJan 26, 2025
    risk 0.54cvss epss 0.00

    Develocity (formerly Gradle Enterprise) before 2024.3.1 allows an attacker who has network access to a Develocity server to obtain the hashed password of the system user. The hash algorithm used by Develocity was chosen according to best practices for password storage and…

  • CVE-2024-46881HigJan 26, 2025
    risk 0.46cvss 7.1epss 0.00

    Develocity (formerly Gradle Enterprise) before 2024.1.8 has Incorrect Access Control. Project-level access control configuration was introduced in Enterprise Config schema version 8. Migration functionality from schema version 8 to versions 9 and 10 (in affected vulnerable…