PT-2021-17112 · Gradle · Test-Distribution-Gradle-Plugin+2

Published: 2021-02-09 · Updated: 2021-02-12 · CVE-2021-26719

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Gradle gradle-enterprise-test-distribution-agent versions prior to 1.3.2
Gradle test-distribution-gradle-plugin versions prior to 1.3.2
Gradle gradle-enterprise-maven-extension versions prior to 1.8.2

Description

A directory traversal issue allows a malicious actor with certain credentials to perform a registration step, leading to the extraction of files into arbitrary filesystem locations by using crafted TAR archives.

Recommendations

For Gradle gradle-enterprise-test-distribution-agent versions prior to 1.3.2, update to version 1.3.2 or later.
For Gradle test-distribution-gradle-plugin versions prior to 1.3.2, update to version 1.3.2 or later.
For Gradle gradle-enterprise-maven-extension versions prior to 1.8.2, update to version 1.8.2 or later.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2021-26719

Affected Products

Gradle-Enterprise-Maven-Extension
Gradle-Enterprise-Test-Distribution-Agent
Test-Distribution-Gradle-Plugin