PT-2022-17242 · Gradle · Gradle Enterprise

Published

2022-03-17

·

Updated

2023-08-08

·

CVE-2022-25364

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Gradle Enterprise versions prior to 2021.4.2

Description

The built-in build cache shipped with Gradle Enterprise allowed anonymous write access in its default configuration. An attacker with network access to the cache endpoint could therefore push crafted cache entries without credentials. Because a remote cache hit replaces running a task with unpacking the stored output, every subsequent build that resolves the poisoned key would consume the attacker's content instead of the real task output, allowing malicious code to execute as part of those builds. As of version 2021.4.2, the built-in build cache is inaccessible by default and requires explicit configuration of its access-control settings before use.

Recommendations

For versions prior to 2021.4.2, update to version 2021.4.2 or later, then configure the built-in build cache's access-control settings explicitly so that write access is limited to trusted, authenticated build agents (typically CI) and anonymous write stays disabled. As a temporary workaround until the upgrade can be applied, restrict access to the build cache, for example by limiting network access to the cache endpoint to trusted build agents, to minimize the risk of exploitation.
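The practical check behind both the description and the workaround is whether the cache endpoint still accepts an unauthenticated PUT. The following is an added example, not code from this advisory, Positive Technologies or Gradle. It relies only on the shape of Gradle's remote HTTP build cache protocol (GET `<cache-url>/<key>` reads an entry, PUT `<cache-url>/<key>` stores one, any 2xx meaning success). The `FakeCache` server and its `allow_anonymous_write` flag are a constructed stand-in so the example runs offline; the flag is an illustration, not a Gradle Enterprise setting, and the 32-hex-character key shape is an assumption about what the endpoint accepts.

```python
"""Probe whether an HTTP build cache accepts unauthenticated writes.

Added example for the CVE-2022-25364 advisory; not code from Positive
Technologies or Gradle. Uses only the GET/PUT-by-key shape of Gradle's
remote HTTP build cache protocol. FakeCache is a constructed stand-in
for the cache endpoint so the probe can run offline; its
allow_anonymous_write flag is not a real Gradle Enterprise setting.
"""
import secrets
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer


def probe_anonymous_write(cache_url: str, timeout: float = 5.0) -> dict:
    """Try one unauthenticated PUT under a random key, then read it back.

    The key is 32 hex characters (assumed shape of a Gradle cache key) and
    random, so no real build will ever request it; the payload is a marker
    string, not a usable cache entry.
    """
    base = cache_url.rstrip("/") + "/"
    key = secrets.token_hex(16)
    payload = b"build-cache-acl-probe"
    result = {"key": key, "put_status": None, "readback": False,
              "anonymous_write": False}
    req = urllib.request.Request(
        base + key, data=payload, method="PUT",
        headers={"Content-Type": "application/octet-stream"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            result["put_status"] = resp.status
    except urllib.error.HTTPError as err:
        result["put_status"] = err.code  # 401/403 etc.: write refused
        return result
    # A stored entry only matters if other anonymous clients get it back.
    try:
        with urllib.request.urlopen(base + key, timeout=timeout) as resp:
            result["readback"] = resp.read() == payload
    except urllib.error.HTTPError:
        pass
    result["anonymous_write"] = (200 <= result["put_status"] < 300
                                 and result["readback"])
    return result


class FakeCache(BaseHTTPRequestHandler):
    """Constructed GET/PUT key-value server mimicking a build cache endpoint."""
    allow_anonymous_write = True  # overridden per server in start_fake_cache
    store: dict = {}

    def log_message(self, *args):  # keep request logging quiet
        pass

    def do_PUT(self):
        body = self.rfile.read(int(self.headers.get("Content-Length", "0")))
        if not self.allow_anonymous_write and "Authorization" not in self.headers:
            self.send_response(401)  # hardened default: writes need credentials
            self.send_header("WWW-Authenticate", 'Basic realm="build-cache"')
            self.end_headers()
            return
        self.store[self.path] = body  # vulnerable default: anyone may write
        self.send_response(200)
        self.end_headers()

    def do_GET(self):
        body = self.store.get(self.path)
        if body is None:
            self.send_response(404)
            self.end_headers()
            return
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


def start_fake_cache(allow_anonymous_write: bool):
    """Start a FakeCache on a free loopback port; return (server, cache_url)."""
    handler = type("FakeCacheConfigured", (FakeCache,),
                   {"allow_anonymous_write": allow_anonymous_write, "store": {}})
    server = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}/cache/"


def assess(allow_anonymous_write: bool) -> dict:
    """Run the probe against a fake cache configured one way or the other."""
    server, url = start_fake_cache(allow_anonymous_write)
    try:
        return probe_anonymous_write(url)
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    for mode in (True, False):
        r = assess(mode)
        verdict = "anonymous write ACCEPTED" if r["anonymous_write"] else "refused"
        print(f"anonymous write allowed={mode}: PUT {r['put_status']} -> {verdict}")
```

Against a real endpoint, point `probe_anonymous_write` at the cache URL instead of the fake server, and only with authorization to test it: a successful probe leaves a junk entry in the cache, and the readback step is what distinguishes a write that is actually served to other clients from one the server silently discarded.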

Weakness Enumeration

Incorrect Default Permissions (CWE-276)

Related Identifiers

CVE-2022-25364

Affected Products

Gradle Enterprise