Anonymous Write Access Vulnerability in Gradle Enterprise
CVE-2022-25364

8.1HIGH

Key Information:

Vendor

Gradle

Status
Enterprise
Vendor
CVE Published:
17 March 2022

What is CVE-2022-25364?

A vulnerability in Gradle Enterprise prior to version 2021.4.2 permits anonymous write access to its built-in build cache configuration. If not manually revised, this oversight allows malicious actors with network access to input compromised entries into the build cache, which could lead to the execution of harmful code during a build process. After version 2021.4.2, the built-in build cache is set to be inaccessible by default, necessitating a deliberate configuration of its access-control settings before any usage.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://security.gradle.com
x_refsource_MISC
https://security.gradle.com/advisory/2022-02
x_refsource_MISC

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.