PT-2024-13707 · Gradle · Gradle Enterprise
Published: 2024-01-08 · Updated: 2025-06-17 · CVE-2023-49238
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Gradle Enterprise versions prior to 2023.1
Description
A remote attacker may gain access to a new installation of Gradle Enterprise in certain scenarios due to a non-unique initial system user password. Although this password must be changed upon the first login, it is possible for an attacker to log in before the legitimate administrator.
Recommendations
For versions prior to 2023.1, update to version 2023.1 or later to resolve the issue. As a temporary workaround, consider changing the initial system user password immediately after installation to prevent potential unauthorized access.
Affected Products
Gradle Enterprise