Incorrect Access Control in Develocity by Gradle
CVE-2024-46881

7.1 HIGH

Key Information:

Vendor: Gradle
CVE Published: 26 January 2025

What is CVE-2024-46881?

Develocity, previously known as Gradle Enterprise, has a vulnerability stemming from incorrect access control configurations. Prior to version 2024.1.8, migration from Enterprise Config schema version 8 to subsequent versions does not retain project-level settings, potentially resetting them to defaults. This leads to project-level access control being disabled, even if it was previously enabled, which may expose restricted project information. The issue most commonly arises during upgrades from older versions and can only be triggered by an administrator, limiting external attack vectors.

Affected Version(s)

Enterprise 2023.4 < 2024.1.8

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
