PT-2019-12287 · Gradle · Gradle Enterprise
Published
2019-04-21
·
Updated
2023-01-20
·
CVE-2019-11402
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Gradle Enterprise versions prior to 2018.5.3
Description
The issue concerns the storage of credentials in Build Cache Nodes. In Gradle Enterprise, these nodes did not store credentials at rest in an encrypted format.
Recommendations
For versions prior to 2018.5.3, update to version 2018.5.3 or later to ensure credentials are stored in an encrypted format at rest.
Fix
Insufficiently Protected Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Gradle Enterprise