PT-2022-18690 · Gradle · Gradle Enterprise
Published 2022-03-25 · Updated 2023-08-08 · CVE-2022-27919
CVSS v3.1: 9.8 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Gradle Enterprise versions prior to 2022.1
Description
If no initial configuration file was specified during the installation process, the instance permits certain anonymous access to administration and an API; this anonymous access allows remote code execution.
Recommendations
For Gradle Enterprise versions prior to 2022.1, ensure that an initial configuration file is specified during the installation process so that the anonymous access leading to remote code execution is not enabled. As a temporary workaround, restrict anonymous access to administration and the API until a fixed version is installed.
Weakness Enumeration
Incorrect Default Permissions
Related Identifiers
CVE-2022-27919
Affected Products
Gradle Enterprise