PT-2022-25947 · Gradle · Gradle Enterprise

Published 2022-10-07 · Updated 2022-10-11 · CVE-2022-41574

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions: Gradle Enterprise versions 2022.3.1 through 2022.4

Description: An access-control issue allows remote attackers to prevent backups and send emails with arbitrary text content to the installation-administrator contact address via HTTP access to an exposed internal endpoint.

Recommendations: For Gradle Enterprise versions 2022.3.1 through 2022.4, update to version 2022.3.2 to resolve the issue.

Fix

Incorrect Authorization

Weakness Enumeration

Related Identifiers

CVE-2022-41574

Affected Products

Gradle Enterprise