Vulnerabilites related to gradle - gradle
Vulnerability from fkie_nvd
Published
2021-09-24 15:15
Modified
2024-11-21 06:26
Severity ?
Summary
In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially reset the system user password.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://security.gradle.com/advisory/2021-05 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gradle.com/advisory/2021-05 | Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gradle:gradle:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "DBED4A28-D648-4BA5-9B1F-81CC2F4C92EA", versionEndExcluding: "2021.1.3", versionStartIncluding: "2020.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially reset the system user password.", }, { lang: "es", value: "En Gradle Enterprise versiones anteriores a 2021.1.3, un atacante con la habilidad de llevar a cabo ataques de tipo SSRF puede potencialmente restablecer la contraseña del usuario del sistema.", }, ], id: "CVE-2021-41586", lastModified: "2024-11-21T06:26:28.580", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-09-24T15:15:08.787", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://security.gradle.com/advisory/2021-05", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://security.gradle.com/advisory/2021-05", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-918", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-06-30 21:15
Modified
2024-11-21 08:09
Severity ?
6.9 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
Gradle is a build tool with a focus on build automation and support for multi-language development. When Gradle writes a dependency into its dependency cache, it uses the dependency's coordinates to compute a file location. With specially crafted dependency coordinates, Gradle can be made to write files into an unintended location. The file may be written outside the dependency cache or over another file in the dependency cache. This vulnerability could be used to poison the dependency cache or overwrite important files elsewhere on the filesystem where the Gradle process has write permissions. Exploiting this vulnerability requires an attacker to have control over a dependency repository used by the Gradle build or have the ability to modify the build's configuration. It is unlikely that this would go unnoticed. A fix has been released in Gradle 7.6.2 and 8.2 to protect against this vulnerability. Gradle will refuse to cache dependencies that have path traversal elements in their dependency coordinates. It is recommended that users upgrade to a patched version. If you are unable to upgrade to Gradle 7.6.2 or 8.2, `dependency verification` will make this vulnerability more difficult to exploit.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gradle:gradle:*:*:*:*:*:*:*:*", matchCriteriaId: "625A3013-4C8A-46A0-9559-A01BDB4C23CB", versionEndExcluding: "7.6.2", vulnerable: true, }, { criteria: "cpe:2.3:a:gradle:gradle:*:*:*:*:*:*:*:*", matchCriteriaId: "8E909D6A-5F91-434F-8506-50CBC384EAB5", versionEndExcluding: "8.2.0", versionStartIncluding: "8.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Gradle is a build tool with a focus on build automation and support for multi-language development. When Gradle writes a dependency into its dependency cache, it uses the dependency's coordinates to compute a file location. With specially crafted dependency coordinates, Gradle can be made to write files into an unintended location. The file may be written outside the dependency cache or over another file in the dependency cache. This vulnerability could be used to poison the dependency cache or overwrite important files elsewhere on the filesystem where the Gradle process has write permissions. Exploiting this vulnerability requires an attacker to have control over a dependency repository used by the Gradle build or have the ability to modify the build's configuration. It is unlikely that this would go unnoticed. A fix has been released in Gradle 7.6.2 and 8.2 to protect against this vulnerability. Gradle will refuse to cache dependencies that have path traversal elements in their dependency coordinates. It is recommended that users upgrade to a patched version. If you are unable to upgrade to Gradle 7.6.2 or 8.2, `dependency verification` will make this vulnerability more difficult to exploit.", }, ], id: "CVE-2023-35946", lastModified: "2024-11-21T08:09:02.030", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 6.9, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L", version: "3.1", }, exploitabilityScore: 1, impactScore: 5.3, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-06-30T21:15:09.070", references: [ { source: "security-advisories@github.com", tags: [ "Product", "Vendor Advisory", ], url: "https://docs.gradle.org/current/userguide/dependency_verification.html", }, { source: "security-advisories@github.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/gradle/gradle/commit/859eae2b2acf751ae7db3c9ffefe275aa5da0d5d", }, { source: "security-advisories@github.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/gradle/gradle/commit/b07e528feb3a5ffa66bdcc358549edd73e4c8a12", }, { source: "security-advisories@github.com", tags: [ "Mitigation", "Third Party Advisory", ], url: "https://github.com/gradle/gradle/security/advisories/GHSA-2h6c-rv6q-494v", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20230731-0003/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", "Vendor Advisory", ], url: "https://docs.gradle.org/current/userguide/dependency_verification.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/gradle/gradle/commit/859eae2b2acf751ae7db3c9ffefe275aa5da0d5d", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/gradle/gradle/commit/b07e528feb3a5ffa66bdcc358549edd73e4c8a12", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Third Party Advisory", ], url: "https://github.com/gradle/gradle/security/advisories/GHSA-2h6c-rv6q-494v", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20230731-0003/", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "security-advisories@github.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-02-10 20:15
Modified
2024-11-21 06:48
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, Gradle may skip that verification and accept a dependency that would otherwise fail the build as an untrusted external artifact. This occurs when dependency verification is disabled on one or more configurations and those configurations have common dependencies with other configurations that have dependency verification enabled. If the configuration that has dependency verification disabled is resolved first, Gradle does not verify the common dependencies for the configuration that has dependency verification enabled. Gradle 7.4 fixes that issue by validating artifacts at least once if they are present in a resolved configuration that has dependency verification active. For users who cannot update either do not use `ResolutionStrategy.disableDependencyVerification()` and do not use plugins that use that method to disable dependency verification for a single configuration or make sure resolution of configuration that disable that feature do not happen in builds that resolve configuration where the feature is enabled.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://docs.gradle.org/7.4/release-notes.html | Release Notes, Vendor Advisory | |
| security-advisories@github.com | https://github.com/gradle/gradle/commit/88ab9b652933bc3b2e3161b31ad8b8f4f0516351 | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/gradle/gradle/security/advisories/GHSA-9pf5-88jw-3qgr | Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.gradle.org/7.4/release-notes.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/gradle/gradle/commit/88ab9b652933bc3b2e3161b31ad8b8f4f0516351 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/gradle/gradle/security/advisories/GHSA-9pf5-88jw-3qgr | Mitigation, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gradle:gradle:*:*:*:*:*:*:*:*", matchCriteriaId: "E131D9F9-B2A5-48D3-93CE-E60D5706824C", versionEndIncluding: "7.3.3", versionStartIncluding: "6.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, Gradle may skip that verification and accept a dependency that would otherwise fail the build as an untrusted external artifact. This occurs when dependency verification is disabled on one or more configurations and those configurations have common dependencies with other configurations that have dependency verification enabled. If the configuration that has dependency verification disabled is resolved first, Gradle does not verify the common dependencies for the configuration that has dependency verification enabled. Gradle 7.4 fixes that issue by validating artifacts at least once if they are present in a resolved configuration that has dependency verification active. For users who cannot update either do not use `ResolutionStrategy.disableDependencyVerification()` and do not use plugins that use that method to disable dependency verification for a single configuration or make sure resolution of configuration that disable that feature do not happen in builds that resolve configuration where the feature is enabled.", }, { lang: "es", value: "Gradle es una herramienta de compilación con un enfoque en la automatización de la compilación y el soporte para el desarrollo multilingüe. En algunos casos, Gradle puede omitir esa verificación y aceptar una dependencia que de otra manera fallaría la construcción como un artefacto externo no confiable. Esto ocurre cuando la verificación de dependencias está deshabilitada en una o más configuraciones y esas configuraciones presentan dependencias comunes con otras configuraciones que presentan la verificación de dependencias habilitada. Si la configuración que presenta deshabilitada la verificación de dependencias se resuelve primero, Gradle no verifica las dependencias comunes para la configuración que presenta habilitada la verificación de dependencias. Gradle versión 7.4 corrige este problema al comprobar los artefactos al menos una vez si están presentes en una configuración resuelta que presenta activa la verificación de dependencias. Para usuarios que no puedan actualizar, o bien no usen \"ResolutionStrategy.disableDependencyVerification()\" y no usen plugins que usen ese método para deshabilitar la verificación de dependencias para una única configuración, o bien asegúrense de que la resolución de la configuración que deshabilita esa característica no sea producida en las compilaciones que resuelven la configuración donde la característica está habilitada", }, ], id: "CVE-2022-23630", lastModified: "2024-11-21T06:48:58.287", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 5.9, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-02-10T20:15:07.317", references: [ { source: "security-advisories@github.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://docs.gradle.org/7.4/release-notes.html", }, { source: "security-advisories@github.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/gradle/gradle/commit/88ab9b652933bc3b2e3161b31ad8b8f4f0516351", }, { source: "security-advisories@github.com", tags: [ "Mitigation", "Third Party Advisory", ], url: "https://github.com/gradle/gradle/security/advisories/GHSA-9pf5-88jw-3qgr", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://docs.gradle.org/7.4/release-notes.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/gradle/gradle/commit/88ab9b652933bc3b2e3161b31ad8b8f4f0516351", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Third Party Advisory", ], url: "https://github.com/gradle/gradle/security/advisories/GHSA-9pf5-88jw-3qgr", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-829", }, ], source: "security-advisories@github.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-04-10 00:29
Modified
2024-11-21 04:20
Severity ?
Summary
Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.googleapis.com web site.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gradle | gradle | * | |
| fedoraproject | fedora | 28 | |
| fedoraproject | fedora | 29 | |
| fedoraproject | fedora | 30 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gradle:gradle:*:*:*:*:*:*:*:*", matchCriteriaId: "2EE35791-FB51-484F-B013-84BECD69EF25", versionEndIncluding: "5.3.1", versionStartIncluding: "1.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", matchCriteriaId: "DC1BD7B7-6D88-42B8-878E-F1318CA5FCAF", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.googleapis.com web site.", }, { lang: "es", value: "Gradle versiones desde la 1.4 hasta la 5.3.1 utilizan una HTTP URL insegura, para descargar dependencias cuando se utilizan los plugins JavaScript o CoffeeScript Gradle incorporados. Los artefactos de dependencia podrían haber sido maliciosamente comprometidos por un ataque del MITM contra el sitio web ajax.googleapis.com.", }, ], id: "CVE-2019-11065", lastModified: "2024-11-21T04:20:28.197", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-04-10T00:29:00.243", references: [ { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/gradle/gradle/pull/8927", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WVXOXNLAYRGPKAZV63PYNV3HF27JW2MW/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43P7SVDJOG6OUDVFR4ZIDITZLNHPGTO/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YQ5CGOV5QVQCSPGE3WRZDKUGIXLHSZDR/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/gradle/gradle/pull/8927", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WVXOXNLAYRGPKAZV63PYNV3HF27JW2MW/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43P7SVDJOG6OUDVFR4ZIDITZLNHPGTO/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YQ5CGOV5QVQCSPGE3WRZDKUGIXLHSZDR/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-06-06 19:15
Modified
2024-11-21 07:02
Severity ?
Summary
Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to code execution.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://security.gradle.com | Vendor Advisory | |
| cve@mitre.org | https://security.gradle.com/advisory/2022-09 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gradle.com | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gradle.com/advisory/2022-09 | Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gradle:gradle:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "A5142F93-5535-4123-B3FC-F79C01160CFD", versionEndExcluding: "1.3.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to code execution.", }, { lang: "es", value: "Gradle Enterprise versiones hasta 2022.2.2, presenta un Control de Acceso Incorrecto que conlleva a una ejecución de código", }, ], id: "CVE-2022-30586", lastModified: "2024-11-21T07:02:58.803", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-06-06T19:15:09.683", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://security.gradle.com", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://security.gradle.com/advisory/2022-09", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://security.gradle.com", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://security.gradle.com/advisory/2022-09", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-04-13 20:15
Modified
2024-11-21 06:01
Severity ?
8.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreating files in the system temporary directory. This vulnerability impacted builds using precompiled script plugins written in Kotlin DSL and tests for Gradle plugins written using ProjectBuilder or TestKit. If you are on Windows or modern versions of macOS, you are not vulnerable. If you are on a Unix-like operating system with the "sticky" bit set on your system temporary directory, you are not vulnerable. The problem has been patched and released with Gradle 7.0. As a workaround, on Unix-like operating systems, ensure that the "sticky" bit is set. This only allows the original user (or root) to delete a file. If you are unable to change the permissions of the system temporary directory, you can move the Java temporary directory by setting the System Property `java.io.tmpdir`. The new path needs to limit permissions to the build user only. For additional details refer to the referenced GitHub Security Advisory.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://docs.gradle.org/7.0/release-notes.html#security-advisories | Release Notes, Vendor Advisory | |
| security-advisories@github.com | https://github.com/gradle/gradle/pull/15240 | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/gradle/gradle/pull/15654 | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/gradle/gradle/security/advisories/GHSA-89qm-pxvm-p336 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.gradle.org/7.0/release-notes.html#security-advisories | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/gradle/gradle/pull/15240 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/gradle/gradle/pull/15654 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/gradle/gradle/security/advisories/GHSA-89qm-pxvm-p336 | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gradle:gradle:*:*:*:*:*:*:*:*", matchCriteriaId: "1CBD5FF7-3589-474C-8BA7-0385D3E4BC0F", versionEndExcluding: "7.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*", matchCriteriaId: "EF712520-1CFD-473A-B3F5-3CDDFE9C2C9A", versionEndIncluding: "2.2.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreating files in the system temporary directory. This vulnerability impacted builds using precompiled script plugins written in Kotlin DSL and tests for Gradle plugins written using ProjectBuilder or TestKit. If you are on Windows or modern versions of macOS, you are not vulnerable. If you are on a Unix-like operating system with the \"sticky\" bit set on your system temporary directory, you are not vulnerable. The problem has been patched and released with Gradle 7.0. As a workaround, on Unix-like operating systems, ensure that the \"sticky\" bit is set. This only allows the original user (or root) to delete a file. If you are unable to change the permissions of the system temporary directory, you can move the Java temporary directory by setting the System Property `java.io.tmpdir`. The new path needs to limit permissions to the build user only. For additional details refer to the referenced GitHub Security Advisory.", }, { lang: "es", value: "En Gradle versiones anteriores a 7.0, en sistemas similares a Unix, el directorio temporal del sistema puede ser creado con permisos abiertos que permiten a varios usuarios crear y eliminar archivos dentro de él. Las compilaciones de Gradle podrían ser vulnerables a una escalada de privilegios local de un atacante que elimine y vuelva a crear rápidamente archivos en el directorio temporal del sistema. Esta vulnerabilidad afectó las compilaciones que usan plugins de script precompilados escritos en Kotlin DSL y pruebas para plugins de Gradle escritos con ProjectBuilder o TestKit. Si tiene Windows o versiones modernas de macOS, no es vulnerable. Si está en un sistema operativo similar a Unix con el bit \"sticky\" configurado en el directorio temporal de su sistema, no es vulnerable. El problema se ha corregido y publicado con Gradle 7.0. Como solución alternativa, en sistemas operativos similares a Unix, asegúrese de que el bit \"sticky\" está establecido. Esto solo permite que el usuario original (o root) elimine un archivo. Si no puede cambiar los permisos del directorio temporal del sistema, puede mover el directorio temporal de Java configurando la propiedad del sistema `java.io.tmpdir`. La nueva ruta debe limitar los permisos solo al usuario de la compilación. Para obtener detalles adicionales, consulte el Aviso de Seguridad de GitHub al que se hace referencia", }, ], id: "CVE-2021-29428", lastModified: "2024-11-21T06:01:04.577", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2, impactScore: 6, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-04-13T20:15:21.797", references: [ { source: "security-advisories@github.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://docs.gradle.org/7.0/release-notes.html#security-advisories", }, { source: "security-advisories@github.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/gradle/gradle/pull/15240", }, { source: "security-advisories@github.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/gradle/gradle/pull/15654", }, { source: "security-advisories@github.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/gradle/gradle/security/advisories/GHSA-89qm-pxvm-p336", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://docs.gradle.org/7.0/release-notes.html#security-advisories", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/gradle/gradle/pull/15240", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/gradle/gradle/pull/15654", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/gradle/gradle/security/advisories/GHSA-89qm-pxvm-p336", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-378", }, { lang: "en", value: "CWE-379", }, ], source: "security-advisories@github.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-07-14 20:15
Modified
2024-11-21 07:04
Severity ?
6.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
4.4 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N
4.4 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N
Summary
Gradle is a build tool. Dependency verification is a security feature in Gradle Build Tool that was introduced to allow validation of external dependencies either through their checksum or cryptographic signatures. In versions 6.2 through 7.4.2, there are some cases in which Gradle may skip that verification and accept a dependency that would otherwise fail the build as an untrusted external artifact. This can occur in two ways. When signature verification is disabled but the verification metadata contains entries for dependencies that only have a `gpg` element but no `checksum` element. When signature verification is enabled, the verification metadata contains entries for dependencies with a `gpg` element but there is no signature file on the remote repository. In both cases, the verification will accept the dependency, skipping signature verification and not complaining that the dependency has no checksum entry. For builds that are vulnerable, there are two risks. Gradle could download a malicious binary from a repository outside your organization due to name squatting. For those still using HTTP only and not HTTPS for downloading dependencies, the build could download a malicious library instead of the expected one. Gradle 7.5 patches this issue by making sure to run checksum verification if signature verification cannot be completed, whatever the reason. Two workarounds are available: Remove all `gpg` elements from dependency verification metadata if you disable signature validation and/or avoid adding `gpg` entries for dependencies that do not have signature files.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://docs.gradle.org/7.5/release-notes.html | Release Notes, Vendor Advisory | |
| security-advisories@github.com | https://github.com/gradle/gradle/security/advisories/GHSA-j6wc-xfg8-jx2j | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.gradle.org/7.5/release-notes.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/gradle/gradle/security/advisories/GHSA-j6wc-xfg8-jx2j | Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gradle:gradle:*:*:*:*:*:*:*:*", matchCriteriaId: "F2F50EB8-F490-42D0-BD10-7E40394E1A17", versionEndExcluding: "7.5.0", versionStartIncluding: "6.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Gradle is a build tool. Dependency verification is a security feature in Gradle Build Tool that was introduced to allow validation of external dependencies either through their checksum or cryptographic signatures. In versions 6.2 through 7.4.2, there are some cases in which Gradle may skip that verification and accept a dependency that would otherwise fail the build as an untrusted external artifact. This can occur in two ways. When signature verification is disabled but the verification metadata contains entries for dependencies that only have a `gpg` element but no `checksum` element. When signature verification is enabled, the verification metadata contains entries for dependencies with a `gpg` element but there is no signature file on the remote repository. In both cases, the verification will accept the dependency, skipping signature verification and not complaining that the dependency has no checksum entry. For builds that are vulnerable, there are two risks. Gradle could download a malicious binary from a repository outside your organization due to name squatting. For those still using HTTP only and not HTTPS for downloading dependencies, the build could download a malicious library instead of the expected one. Gradle 7.5 patches this issue by making sure to run checksum verification if signature verification cannot be completed, whatever the reason. Two workarounds are available: Remove all `gpg` elements from dependency verification metadata if you disable signature validation and/or avoid adding `gpg` entries for dependencies that do not have signature files.", }, { lang: "es", value: "Gradle es una herramienta de construcción. La verificación de dependencias es una característica de seguridad en la herramienta de construcción Gradle que fue introducida para permitir la comprobación de las dependencias externas mediante su suma de comprobación o de firmas criptográficas. En versiones 6.2 hasta 7.4.2, se presentan algunos casos en los que Gradle puede omitir esa verificación y aceptar una dependencia que, de otro modo, fallaría en la compilación como un artefacto externo no confiable. Esto puede ocurrir de dos maneras. Cuando la verificación de firmas está deshabilitada pero los metadatos de verificación contienen entradas para dependencias que sólo presentan un elemento \"gpg\" pero ningún elemento \"checksum\". Cuando la verificación de firmas está habilitada, los metadatos de verificación contienen entradas para dependencias con un elemento \"gpg\" pero no es presentado ningún archivo de firma en el repositorio remoto. En ambos casos, la verificación aceptará la dependencia, omitiendo la verificación de la firma y no quejándose de que la dependencia no presenta una entrada de suma de comprobación. Para las construcciones que son vulnerables, se presentan dos riesgos. Gradle podría descargar un binario malicioso de un repositorio fuera de su organización debido a la ocupación de nombres. Para aquellos que todavía usan HTTP y no HTTPS para descargar dependencias, la compilación podría descargar una biblioteca maliciosa en lugar de la esperada. Gradle versión 7.5 parchea este problema al asegurarse de ejecutar la verificación de la suma de comprobación si la verificación de la firma no puede completarse, sea cual sea el motivo. Se presentan dos mitigaciones disponibles: Eliminar todos los elementos \"gpg\" de los metadatos de verificación de dependencias si es deshabilitada la comprobación de firmas y/o evitar añadir entradas \"gpg\" para las dependencias que no presentan archivos de firma", }, ], id: "CVE-2022-31156", lastModified: "2024-11-21T07:04:01.107", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.7, impactScore: 5.9, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 0.7, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-07-14T20:15:08.553", references: [ { source: "security-advisories@github.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://docs.gradle.org/7.5/release-notes.html", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://github.com/gradle/gradle/security/advisories/GHSA-j6wc-xfg8-jx2j", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://docs.gradle.org/7.5/release-notes.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/gradle/gradle/security/advisories/GHSA-j6wc-xfg8-jx2j", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-829", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-347", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-07-20 23:15
Modified
2024-11-21 06:07
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Gradle is a build tool with a focus on build automation. In versions prior to 7.2, start scripts generated by the `application` plugin and the `gradlew` script are both vulnerable to arbitrary code execution when an attacker is able to change environment variables for the user running the script. This may impact those who use `gradlew` on Unix-like systems or use the scripts generated by Gradle in thieir application on Unix-like systems. For this vulnerability to be exploitable, an attacker needs to be able to set the value of particular environment variables and have those environment variables be seen by the vulnerable scripts. This issue has been patched in Gradle 7.2 by removing the use of `eval` and requiring the use of the `bash` shell. There are a few workarounds available. For CI/CD systems using the Gradle build tool, one may ensure that untrusted users are unable to change environment variables for the user that executes `gradlew`. If one is unable to upgrade to Gradle 7.2, one may generate a new `gradlew` script with Gradle 7.2 and use it for older versions of Gradle. Fpplications using start scripts generated by Gradle, one may ensure that untrusted users are unable to change environment variables for the user that executes the start script. A vulnerable start script could be manually patched to remove the use of `eval` or the use of environment variables that affect the application's command-line. If the application is simple enough, one may be able to avoid the use of the start scripts by running the application directly with Java command.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/gradle/gradle/security/advisories/GHSA-6j2p-252f-7mw8 | Exploit, Third Party Advisory | |
| security-advisories@github.com | https://medium.com/dot-debug/the-perils-of-bash-eval-cc5f9e309cae | Exploit, Third Party Advisory | |
| security-advisories@github.com | https://mywiki.wooledge.org/BashFAQ/048 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/gradle/gradle/security/advisories/GHSA-6j2p-252f-7mw8 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://medium.com/dot-debug/the-perils-of-bash-eval-cc5f9e309cae | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mywiki.wooledge.org/BashFAQ/048 | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gradle:gradle:*:*:*:*:*:*:*:*", matchCriteriaId: "A86970B6-7718-4557-BF33-CC3D2238D386", versionEndExcluding: "7.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Gradle is a build tool with a focus on build automation. In versions prior to 7.2, start scripts generated by the `application` plugin and the `gradlew` script are both vulnerable to arbitrary code execution when an attacker is able to change environment variables for the user running the script. This may impact those who use `gradlew` on Unix-like systems or use the scripts generated by Gradle in thieir application on Unix-like systems. For this vulnerability to be exploitable, an attacker needs to be able to set the value of particular environment variables and have those environment variables be seen by the vulnerable scripts. This issue has been patched in Gradle 7.2 by removing the use of `eval` and requiring the use of the `bash` shell. There are a few workarounds available. For CI/CD systems using the Gradle build tool, one may ensure that untrusted users are unable to change environment variables for the user that executes `gradlew`. If one is unable to upgrade to Gradle 7.2, one may generate a new `gradlew` script with Gradle 7.2 and use it for older versions of Gradle. Fpplications using start scripts generated by Gradle, one may ensure that untrusted users are unable to change environment variables for the user that executes the start script. A vulnerable start script could be manually patched to remove the use of `eval` or the use of environment variables that affect the application's command-line. If the application is simple enough, one may be able to avoid the use of the start scripts by running the application directly with Java command.", }, { lang: "es", value: "Gradle es una herramienta de construcción con un enfoque en la automatización de la construcción. En versiones anteriores a la 7.2, los scripts de inicio generados por el plugin `application` y el script `gradlew` son vulnerables a la ejecución de código arbitrario cuando un atacante es capaz de cambiar las variables de entorno del usuario que ejecuta el script. Esto puede afectar a aquellos que utilizan `gradlew` en sistemas tipo Unix o utilizan los scripts generados por Gradle en su aplicación en sistemas tipo Unix. Para que esta vulnerabilidad sea explotable, un atacante debe ser capaz de establecer el valor de determinadas variables de entorno y hacer que esas variables de entorno sean vistas por los scripts vulnerables. Este problema ha sido parcheado en Gradle 7.2 eliminando el uso de `eval` y requiriendo el uso del shell `bash`. Hay algunas soluciones disponibles. Para los sistemas CI/CD que utilizan la herramienta de construcción Gradle, se puede asegurar que los usuarios no confiables no puedan cambiar las variables de entorno para el usuario que ejecuta `gradlew`. Si no se puede actualizar a Gradle 7.2, se puede generar un nuevo script `gradlew` con Gradle 7.2 y utilizarlo para versiones anteriores de Gradle. En las aplicaciones que utilizan scripts de inicio generados por Gradle, se puede asegurar que los usuarios no confiables no puedan cambiar las variables de entorno del usuario que ejecuta el script de inicio. Un script de inicio vulnerable podría ser parcheado manualmente para eliminar el uso de `eval` o el uso de variables de entorno que afectan a la línea de comandos de la aplicación. Si la aplicación es lo suficientemente simple, se puede evitar el uso de los scripts de inicio ejecutando la aplicación directamente con el comando Java", }, ], id: "CVE-2021-32751", lastModified: "2024-11-21T06:07:40.180", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 8.5, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 5.9, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-07-20T23:15:37.743", references: [ { source: "security-advisories@github.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/gradle/gradle/security/advisories/GHSA-6j2p-252f-7mw8", }, { source: "security-advisories@github.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://medium.com/dot-debug/the-perils-of-bash-eval-cc5f9e309cae", }, { source: "security-advisories@github.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://mywiki.wooledge.org/BashFAQ/048", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/gradle/gradle/security/advisories/GHSA-6j2p-252f-7mw8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://medium.com/dot-debug/the-perils-of-bash-eval-cc5f9e309cae", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://mywiki.wooledge.org/BashFAQ/048", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-02-07 15:59
Modified
2024-11-21 02:55
Severity ?
Summary
ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a crafted serialized object.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://discuss.gradle.org/t/a-security-issue-about-gradle-rce/17726 | Exploit, Technical Description, Third Party Advisory | |
| cve@mitre.org | https://philwantsfish.github.io/security/java-deserialization-github | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://discuss.gradle.org/t/a-security-issue-about-gradle-rce/17726 | Exploit, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://philwantsfish.github.io/security/java-deserialization-github | Release Notes, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gradle:gradle:2.12:*:*:*:*:*:*:*", matchCriteriaId: "EC546EE0-2EC8-4515-9AFC-2C1D08147973", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a crafted serialized object.", }, { lang: "es", value: "ObjectSocketWrapper.java en Gradle 2.12 permite a atacantes remotos ejecutar código arbitrario a través de un objeto serializado manipulado.", }, ], id: "CVE-2016-6199", lastModified: "2024-11-21T02:55:39.600", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-02-07T15:59:00.427", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Technical Description", "Third Party Advisory", ], url: "https://discuss.gradle.org/t/a-security-issue-about-gradle-rce/17726", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://philwantsfish.github.io/security/java-deserialization-github", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Technical Description", "Third Party Advisory", ], url: "https://discuss.gradle.org/t/a-security-issue-about-gradle-rce/17726", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://philwantsfish.github.io/security/java-deserialization-github", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-502", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-09-16 18:15
Modified
2024-11-21 04:30
Severity ?
Summary
The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/gradle/gradle/commit/425b2b7a50cd84106a77cdf1ab665c89c6b14d2f | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/gradle/gradle/pull/10543 | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/gradle/gradle/commit/425b2b7a50cd84106a77cdf1ab665c89c6b14d2f | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/gradle/gradle/pull/10543 | Exploit, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gradle:gradle:*:*:*:*:*:*:*:*", matchCriteriaId: "2F74A953-F15A-46FD-9A96-9B25B5F154A2", versionEndExcluding: "6.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900.", }, { lang: "es", value: "El plugin PGP signing en Gradle versiones anteriores a 6.0, se basa en el algoritmo SHA-1, lo que podría permitir a un atacante reemplazar un artefacto por otro diferente que tenga el mismo resumen de mensaje SHA-1, un problema relacionado con el CVE-2005-4900.", }, ], id: "CVE-2019-16370", lastModified: "2024-11-21T04:30:35.267", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-09-16T18:15:12.190", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/gradle/gradle/commit/425b2b7a50cd84106a77cdf1ab665c89c6b14d2f", }, { source: "cve@mitre.org", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://github.com/gradle/gradle/pull/10543", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/gradle/gradle/commit/425b2b7a50cd84106a77cdf1ab665c89c6b14d2f", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://github.com/gradle/gradle/pull/10543", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-327", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-04-12 22:15
Modified
2024-11-21 06:01
Severity ?
4.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. Some builds could be vulnerable to a local information disclosure. Remote files accessed through TextResourceFactory are downloaded into the system temporary directory first. Sensitive information contained in these files can be exposed to other local users on the same system. If you do not use the `TextResourceFactory` API, you are not vulnerable. As of Gradle 7.0, uses of the system temporary directory have been moved to the Gradle User Home directory. By default, this directory is restricted to the user running the build. As a workaround, set a more restrictive umask that removes read access to other users. When files are created in the system temporary directory, they will not be accessible to other users. If you are unable to change your system's umask, you can move the Java temporary directory by setting the System Property `java.io.tmpdir`. The new path needs to limit permissions to the build user only.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://docs.gradle.org/7.0/release-notes.html#security-advisories | Release Notes, Vendor Advisory | |
| security-advisories@github.com | https://github.com/gradle/gradle/security/advisories/GHSA-fp8h-qmr5-j4c8 | Exploit, Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.gradle.org/7.0/release-notes.html#security-advisories | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/gradle/gradle/security/advisories/GHSA-fp8h-qmr5-j4c8 | Exploit, Mitigation, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gradle:gradle:*:*:*:*:*:*:*:*", matchCriteriaId: "1CBD5FF7-3589-474C-8BA7-0385D3E4BC0F", versionEndExcluding: "7.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*", matchCriteriaId: "EF712520-1CFD-473A-B3F5-3CDDFE9C2C9A", versionEndIncluding: "2.2.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. Some builds could be vulnerable to a local information disclosure. Remote files accessed through TextResourceFactory are downloaded into the system temporary directory first. Sensitive information contained in these files can be exposed to other local users on the same system. If you do not use the `TextResourceFactory` API, you are not vulnerable. As of Gradle 7.0, uses of the system temporary directory have been moved to the Gradle User Home directory. By default, this directory is restricted to the user running the build. As a workaround, set a more restrictive umask that removes read access to other users. When files are created in the system temporary directory, they will not be accessible to other users. If you are unable to change your system's umask, you can move the Java temporary directory by setting the System Property `java.io.tmpdir`. The new path needs to limit permissions to the build user only.", }, { lang: "es", value: "En Gradle versiones anteriores a 7.0, los archivos creados con permisos abiertos en el directorio temporal del sistema pueden permitir a un atacante acceder a la información descargada por Gradle. Algunas compilaciones pueden ser vulnerables a una divulgación de información local. Los archivos remotos a los que se accede por medio de TextResourceFactory son descargados primero en el directorio temporal del sistema. Información confidencial contenida en estos archivos pueden ser expuestas a otros usuarios locales en el mismo sistema. Si no usa la API \"TextResourceFactory\", no es vulnerable. A partir de Gradle versión 7.0, los usos del directorio temporal del sistema han sido movido al directorio Gradle User Home. Por defecto, este directorio está restringido al usuario que ejecuta la compilación. Como solución alternativa, establezca una máscara de usuario más restrictiva que elimine el acceso de lectura a otros usuarios. Cuando se crean archivos en el directorio temporal del sistema, no serán accedidos por otros usuarios. Si no puede cambiar la umask de su sistema, puede mover el directorio temporal de Java al configurar el System Property \"java.io.tmpdir\". La nueva ruta debe limitar los permisos solo al usuario de la compilación", }, ], id: "CVE-2021-29429", lastModified: "2024-11-21T06:01:04.717", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 1.9, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.5, impactScore: 1.4, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-04-12T22:15:13.320", references: [ { source: "security-advisories@github.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://docs.gradle.org/7.0/release-notes.html#security-advisories", }, { source: "security-advisories@github.com", tags: [ "Exploit", "Mitigation", "Third Party Advisory", ], url: "https://github.com/gradle/gradle/security/advisories/GHSA-fp8h-qmr5-j4c8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://docs.gradle.org/7.0/release-notes.html#security-advisories", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mitigation", "Third Party Advisory", ], url: "https://github.com/gradle/gradle/security/advisories/GHSA-fp8h-qmr5-j4c8", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-377", }, ], source: "security-advisories@github.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-10-01 20:15
Modified
2024-11-21 04:59
Severity ?
Summary
As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:ant:1.10.8:*:*:*:*:*:*:*", matchCriteriaId: "C7C6AA13-6D4A-44F8-99B2-68E1626DD57B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gradle:gradle:*:*:*:*:*:*:*:*", matchCriteriaId: "B216FC24-1136-430F-B480-E3CFA1838B4B", versionEndExcluding: "6.8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "80C9DBB8-3D50-4D5D-859A-B022EB7C2E64", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*", matchCriteriaId: "A5553591-073B-45E3-999F-21B8BA2EEE22", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.4.0:*:*:*:*:*:*:*", matchCriteriaId: "C2BEE49E-A5AA-42D3-B422-460454505480", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.4.1:*:*:*:*:*:*:*", matchCriteriaId: "F4FF66F7-10C8-4A1C-910A-EF7D12A4284C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*", matchCriteriaId: "132CE62A-FBFC-4001-81EC-35D81F73AF48", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*", matchCriteriaId: "282150FF-C945-4A3E-8A80-E8757A8907EA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*", matchCriteriaId: "645AA3D1-C8B5-4CD2-8ACE-31541FA267F0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.8.0:*:*:*:*:*:*:*", matchCriteriaId: "FBCE22C0-4253-40A5-89AE-499A3BC9EFF3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_treasury_management:14.4:*:*:*:*:*:*:*", matchCriteriaId: "AB612B4A-27C4-491E-AABD-6CAADE2E249E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*", matchCriteriaId: "539DA24F-E3E0-4455-84C6-A9D96CD601B3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*", matchCriteriaId: "A7637F8B-15F1-42E2-BE18-E1FF7C66587D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "9901F6BA-78D5-45B8-9409-07FF1C6DDD38", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "9FADE563-5AAA-42FF-B43F-35B20A2386C9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "0D7C6438-6E88-41CD-BE34-90341030E41F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:*", matchCriteriaId: "69300B13-8C0F-4433-A6E8-B2CE32C4723D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "40F940AA-05BE-426C-89A3-4098E107D9A7", versionEndIncluding: "8.0.9", versionStartIncluding: "8.0.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "6FB8AE1F-FA6B-4A5E-AA5B-D0B7C78FE886", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1:*:*:*:*:*:*:*", matchCriteriaId: "41C2C67B-BF55-4B48-A94D-1F37A4FAC68C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "6762F207-93C7-4363-B2F9-7A7C6F8AF993", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*", matchCriteriaId: "1B74B912-152D-4F38-9FC1-741D6D0B27FC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "06CF27F6-ADC1-480C-9D2E-2BD1E7330C32", versionEndIncluding: "16.2.11", versionStartIncluding: "16.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "2D3D3B98-C309-4598-BBCD-AF944A13FDC1", versionEndIncluding: "17.12.9", versionStartIncluding: "17.12.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", matchCriteriaId: "08FA59A8-6A62-4B33-8952-D6E658F8DAC9", versionEndIncluding: "17.12", versionStartIncluding: "17.7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*", matchCriteriaId: "D55A54FD-7DD1-49CD-BE81-0BE73990943C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*", matchCriteriaId: "82EB08C0-2D46-4635-88DF-E54F6452D3A3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", matchCriteriaId: "202AD518-2E9B-4062-B063-9858AE1F9CE2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", matchCriteriaId: "10864586-270E-4ACF-BDCC-ECFCD299305F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*", matchCriteriaId: "38340E3C-C452-4370-86D4-355B6B4E0A06", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real-time_decision_server:3.2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "C914A8CA-352B-4B02-8A2F-D5A6EC04AF53", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real-time_decision_server:11.1.1.9.0:*:*:*:*:*:*:*", matchCriteriaId: "3DBAC91D-14AA-4FEA-BBDA-C09CB5B3B831", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_advanced_inventory_planning:14.1:*:*:*:*:*:*:*", matchCriteriaId: "56239DBD-E294-44A4-9DD3-CEEC58C1BC0C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_assortment_planning:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "48C9BD8E-7214-4B44-B549-6F11B3EA8A04", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_category_management_planning_\\&_optimization:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "5C054317-4891-44EE-B7E9-DD9B8E7BAE54", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_eftlink:19.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A2140357-503A-4D2A-A099-CFA4DC649E41", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_eftlink:20.0.0:*:*:*:*:*:*:*", matchCriteriaId: "E834CC29-EFFC-4B09-89FD-761E3744F23C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_financial_integration:14.1.3:*:*:*:*:*:*:*", matchCriteriaId: "CADAC4BA-0451-4FFD-9071-087C8568C3C2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_financial_integration:15.0.3:*:*:*:*:*:*:*", matchCriteriaId: "17AEB94A-ED0B-4A2F-A03B-DD963E83CE73", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_financial_integration:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "6B042849-7EF5-4A5F-B6CD-712C0B8735BF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:15.0.3:*:*:*:*:*:*:*", matchCriteriaId: "FA800332-C6B9-4F05-9FB0-72C1040AAFD4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_item_planning:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "1DD30470-55C7-491F-A2FD-754CDF5A750F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_macro_space_optimization:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "70B2E10E-2BFF-4E43-9EF8-3EF56FD252C4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_merchandise_financial_planning:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "5929F6F2-853A-4FE0-8F64-0F7861091A03", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_merchandising_system:14.1.3.2:*:*:*:*:*:*:*", matchCriteriaId: "212A8F95-8EA0-471B-82D9-5DECCBCE5C2D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "F8383028-B719-41FD-9B6A-71F8EB4C5F8D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:14.1:*:*:*:*:*:*:*", matchCriteriaId: "F6DA82ED-20FF-4E6D-ACA0-C65F51F4F5C0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_regular_price_optimization:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "0922934E-2658-430F-99BE-A13C8A5F4338", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_replenishment_optimization:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "86F5DE7E-2712-4A04-8FBE-AEE2CB3D03F6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:14.1.3:*:*:*:*:*:*:*", matchCriteriaId: "D7FCC976-615C-4DE5-9F50-1B25E9553962", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:15.0.3:*:*:*:*:*:*:*", matchCriteriaId: "84142490-E2D5-4B1F-A0D2-D2D68B120AFF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "DEE71EA5-B315-4F1E-BFEE-EC426B562F7E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_size_profile_optimization:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "74ACC94B-4A9F-451D-B639-6008A108BDDC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3.9:*:*:*:*:*:*:*", matchCriteriaId: "C4C6CCB0-241E-4295-B4D0-F021CEC660D5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "7C96F0D4-4640-447B-A3AB-0AACF2E80C84", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "8ACC6BE4-B48B-489F-93DB-82A72D1AA409", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.4:*:*:*:*:*:*:*", matchCriteriaId: "78D8F551-8DC8-4510-8350-AE6BC64748DF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*", matchCriteriaId: "490B2C44-CECD-4551-B04F-4076D0E053C7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*", matchCriteriaId: "DEC41EB8-73B4-4BDF-9321-F34EC0BAF9E6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*", matchCriteriaId: "48EFC111-B01B-4C34-87E4-D6B2C40C0122", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*", matchCriteriaId: "073FEA23-E46A-4C73-9D29-95CFF4F5A59D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:*", matchCriteriaId: "6953CFDB-33C0-4B8E-BBBD-E460A17E8ED3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:storagetek_tape_analytics:2.4:*:*:*:*:*:*:*", matchCriteriaId: "EE6B6243-9FE9-432B-B5A8-20E515E06A93", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*", matchCriteriaId: "513AE97F-161C-43D2-B2D1-653125A9E920", versionEndExcluding: "11.2.2.8.27", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:4.3.0.5.0:*:*:*:*:*:*:*", matchCriteriaId: "A5BBA303-8D2B-48C5-B52A-4E192166699C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:4.3.0.6.0:*:*:*:*:*:*:*", matchCriteriaId: "8DF02546-3F0D-4FDD-89B1-8A3FE43FB5BF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "3F906F04-39E4-4BE4-8A73-9D058AAADB43", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*", matchCriteriaId: "7B393A82-476A-4270-A903-38ED4169E431", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.", }, { lang: "es", value: "Como mitigación para CVE-2020-1945, Apache Ant versión 1.10.8, cambió los permisos de los archivos temporales que creó para que solo el usuario actual pudiera acceder a ellos. Desafortunadamente, la tarea fixcrlf eliminó el archivo temporal y creó uno nuevo sin dicha protección, anulando efectivamente el esfuerzo. Esto podría seguir permitiendo a un atacante inyectar archivos fuente modificados en el proceso de compilación", }, ], id: "CVE-2020-11979", lastModified: "2024-11-21T04:59:02.170", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-10-01T20:15:13.033", references: [ { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://github.com/gradle/gradle/security/advisories/GHSA-j45w-qrgf-25vm", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc%40%3Cdev.creadur.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e%40%3Cdev.creadur.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0%40%3Cdev.creadur.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490%40%3Cdev.creadur.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305%40%3Cdev.creadur.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c%40%3Cdev.creadur.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a%40%3Cdev.creadur.apache.org%3E", }, { source: "security@apache.org", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AALW42FWNQ35F7KB3JVRC6NBVV7AAYYI/", }, { source: "security@apache.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DYBRN5C2RW7JRY75IB7Q7ZVKZCHWAQWS/", }, { source: "security@apache.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3NRQQ7ECII4ZNGW7GBC225LVYMPQEKB/", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202011-18", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/gradle/gradle/security/advisories/GHSA-j45w-qrgf-25vm", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc%40%3Cdev.creadur.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e%40%3Cdev.creadur.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0%40%3Cdev.creadur.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490%40%3Cdev.creadur.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305%40%3Cdev.creadur.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c%40%3Cdev.creadur.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a%40%3Cdev.creadur.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AALW42FWNQ35F7KB3JVRC6NBVV7AAYYI/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DYBRN5C2RW7JRY75IB7Q7ZVKZCHWAQWS/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3NRQQ7ECII4ZNGW7GBC225LVYMPQEKB/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202011-18", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-379", }, ], source: "security@apache.org", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-09-24 03:15
Modified
2024-11-21 06:26
Severity ?
Summary
Gradle Enterprise before 2021.1.3 can allow unauthorized viewing of a response (information disclosure of possibly sensitive build/configuration details) via a crafted HTTP request with the X-Gradle-Enterprise-Ajax-Request header.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://security.gradle.com/advisory/2021-02 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gradle.com/advisory/2021-02 | Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gradle:gradle:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "DBED4A28-D648-4BA5-9B1F-81CC2F4C92EA", versionEndExcluding: "2021.1.3", versionStartIncluding: "2020.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Gradle Enterprise before 2021.1.3 can allow unauthorized viewing of a response (information disclosure of possibly sensitive build/configuration details) via a crafted HTTP request with the X-Gradle-Enterprise-Ajax-Request header.", }, { lang: "es", value: "Gradle Enterprise versiones anteriores a 2021.1.3, puede permitir una visualización no autorizada de una respuesta (divulgación de información de detalles de construcción/configuración posiblemente confidenciales) por medio de una petición HTTP diseñada con el encabezado X-Gradle-Enterprise-Ajax-Request.", }, ], id: "CVE-2021-41584", lastModified: "2024-11-21T06:26:28.313", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-09-24T03:15:06.673", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://security.gradle.com/advisory/2021-02", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://security.gradle.com/advisory/2021-02", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-03-02 04:15
Modified
2024-11-21 07:50
Severity ?
6.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Gradle is a build tool with a focus on build automation and support for multi-language development. This is a collision attack on long IDs (64bits) for PGP keys. Users of dependency verification in Gradle are vulnerable if they use long IDs for PGP keys in a `trusted-key` or `pgp` element in their dependency verification metadata file. The fix is to fail dependency verification if anything but a fingerprint is used in a trust element in dependency verification metadata. The problem is fixed in Gradle 8.0 and above. The problem is also patched in Gradle 6.9.4 and 7.6.1. As a workaround, use only full fingerprint IDs for `trusted-key` or `pgp` element in the metadata is a protection against this issue.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gradle:gradle:*:*:*:*:*:*:*:*", matchCriteriaId: "8732BDFB-DB33-45F9-A52E-15330C68D124", versionEndExcluding: "6.9.4", versionStartIncluding: "6.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:gradle:gradle:*:*:*:*:*:*:*:*", matchCriteriaId: "81ABACD1-D93F-4D90-AA79-5A64C9D2F71A", versionEndExcluding: "7.6.1", versionStartIncluding: "7.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Gradle is a build tool with a focus on build automation and support for multi-language development. This is a collision attack on long IDs (64bits) for PGP keys. Users of dependency verification in Gradle are vulnerable if they use long IDs for PGP keys in a `trusted-key` or `pgp` element in their dependency verification metadata file. The fix is to fail dependency verification if anything but a fingerprint is used in a trust element in dependency verification metadata. The problem is fixed in Gradle 8.0 and above. The problem is also patched in Gradle 6.9.4 and 7.6.1. As a workaround, use only full fingerprint IDs for `trusted-key` or `pgp` element in the metadata is a protection against this issue.", }, ], id: "CVE-2023-26053", lastModified: "2024-11-21T07:50:40.060", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.7, impactScore: 5.9, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-03-02T04:15:11.147", references: [ { source: "security-advisories@github.com", tags: [ "Patch", ], url: "https://github.com/gradle/gradle/commit/bf3cc0f2b463033037e67aaacda31291643ea1a9", }, { source: "security-advisories@github.com", tags: [ "Vendor Advisory", ], url: "https://github.com/gradle/gradle/security/advisories/GHSA-c724-3xg7-g3hf", }, { source: "security-advisories@github.com", url: "https://security.netapp.com/advisory/ntap-20230413-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/gradle/gradle/commit/bf3cc0f2b463033037e67aaacda31291643ea1a9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://github.com/gradle/gradle/security/advisories/GHSA-c724-3xg7-g3hf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20230413-0002/", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-829", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-829", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-10-05 18:15
Modified
2024-11-21 08:25
Severity ?
3.2 (Low) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Summary
Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving symlinked files, Gradle resolves them but applies the permissions of the symlink itself instead of the permissions of the linked file to the resulting file. This leads to files having too much permissions given that symlinks usually are world readable and writeable. While it is unlikely this results in a direct vulnerability for the impacted build, it may open up attack vectors depending on where build artifacts end up being copied to or un-archived. In versions 7.6.3, 8.4 and above, Gradle will now properly use the permissions of the file pointed at by the symlink to set permissions of the copied or archived file.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gradle:gradle:*:*:*:*:*:*:*:*", matchCriteriaId: "77803A01-94E7-4C76-BAF3-ED44AE596010", versionEndExcluding: "7.6.3", vulnerable: true, }, { criteria: "cpe:2.3:a:gradle:gradle:*:*:*:*:*:*:*:*", matchCriteriaId: "E104EF19-8B72-4A31-B2AC-8312F7C6452F", versionEndExcluding: "8.4.0", versionStartIncluding: "8.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving symlinked files, Gradle resolves them but applies the permissions of the symlink itself instead of the permissions of the linked file to the resulting file. This leads to files having too much permissions given that symlinks usually are world readable and writeable. While it is unlikely this results in a direct vulnerability for the impacted build, it may open up attack vectors depending on where build artifacts end up being copied to or un-archived. In versions 7.6.3, 8.4 and above, Gradle will now properly use the permissions of the file pointed at by the symlink to set permissions of the copied or archived file.", }, { lang: "es", value: "Gradle es una herramienta de compilación centrada en la automatización de la compilación y soporte para el desarrollo en varios idiomas. Al copiar o archivar archivos vinculados simbólicamente, Gradle los resuelve pero aplica los permisos del enlace simbólico en lugar de los permisos del archivo vinculado al archivo resultante. Esto lleva a que los archivos tengan demasiados permisos, dado que los enlaces simbólicos suelen ser legibles y escribibles por todo el mundo. Si bien es poco probable que esto resulte en una vulnerabilidad directa para la compilación afectada, puede abrir vectores de ataque dependiendo de dónde terminen copiándose o desarchivándose los artefactos de la compilación. En las versiones 7.6.3, 8.4 y superiores, Gradle ahora usará correctamente los permisos del archivo al que apunta el enlace simbólico para establecer los permisos del archivo copiado o archivado.", }, ], id: "CVE-2023-44387", lastModified: "2024-11-21T08:25:47.733", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.2, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.5, impactScore: 1.4, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2, impactScore: 4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-10-05T18:15:12.787", references: [ { source: "security-advisories@github.com", tags: [ "Patch", ], url: "https://github.com/gradle/gradle/commit/3b406191e24d69e7e42dc3f3b5cc50625aa930b7", }, { source: "security-advisories@github.com", tags: [ "Release Notes", ], url: "https://github.com/gradle/gradle/releases/tag/v7.6.3", }, { source: "security-advisories@github.com", tags: [ "Release Notes", ], url: "https://github.com/gradle/gradle/releases/tag/v8.4.0", }, { source: "security-advisories@github.com", tags: [ "Vendor Advisory", ], url: "https://github.com/gradle/gradle/security/advisories/GHSA-43r3-pqhv-f7h9", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20231110-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/gradle/gradle/commit/3b406191e24d69e7e42dc3f3b5cc50625aa930b7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://github.com/gradle/gradle/releases/tag/v7.6.3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://github.com/gradle/gradle/releases/tag/v8.4.0", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://github.com/gradle/gradle/security/advisories/GHSA-43r3-pqhv-f7h9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20231110-0006/", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-732", }, ], source: "security-advisories@github.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-10-06 14:15
Modified
2025-02-13 17:17
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), just parsing XML can lead to exfiltration of local text files to a remote server. Gradle parses XML files for several purposes. Most of the time, Gradle parses XML files it generated or were already present locally. Only Ivy XML descriptors and Maven POM files can be fetched from remote repositories and parsed by Gradle. In Gradle 7.6.3 and 8.4, resolving XML external entities has been disabled for all use cases to protect against this vulnerability. Gradle will now refuse to parse XML files that have XML external entities.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gradle:gradle:*:*:*:*:*:*:*:*", matchCriteriaId: "77803A01-94E7-4C76-BAF3-ED44AE596010", versionEndExcluding: "7.6.3", vulnerable: true, }, { criteria: "cpe:2.3:a:gradle:gradle:*:*:*:*:*:*:*:*", matchCriteriaId: "E104EF19-8B72-4A31-B2AC-8312F7C6452F", versionEndExcluding: "8.4.0", versionStartIncluding: "8.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), just parsing XML can lead to exfiltration of local text files to a remote server. Gradle parses XML files for several purposes. Most of the time, Gradle parses XML files it generated or were already present locally. Only Ivy XML descriptors and Maven POM files can be fetched from remote repositories and parsed by Gradle. In Gradle 7.6.3 and 8.4, resolving XML external entities has been disabled for all use cases to protect against this vulnerability. Gradle will now refuse to parse XML files that have XML external entities.", }, { lang: "es", value: "Gradle es una herramienta de compilación centrada en la automatización de la build y soporte para el desarrollo en varios idiomas. En algunos casos, cuando Gradle analiza archivos XML, la resolución de entidades externas XML no está deshabilitada. Combinado con un ataque XXE fuera de banda (OOB-XXE), el simple hecho de analizar XML puede provocar la filtración de archivos de texto locales a un servidor remoto. Gradle analiza archivos XML para varios propósitos. La mayoría de las veces, Gradle analiza los archivos XML que generó o que ya estaban presentes localmente. Gradle solo puede recuperar los descriptores XML de Ivy y los archivos POM de Maven de repositorios remotos y analizarlos. En Gradle 7.6.3 y 8.4, la resolución de entidades externas XML se ha deshabilitado para todos los casos de uso para proteger contra esta vulnerabilidad. Gradle ahora se negará a analizar archivos XML que tengan entidades externas XML.", }, ], id: "CVE-2023-42445", lastModified: "2025-02-13T17:17:08.070", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 5.2, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-10-06T14:15:12.103", references: [ { source: "security-advisories@github.com", tags: [ "Release Notes", ], url: "https://github.com/gradle/gradle/releases/tag/v7.6.3", }, { source: "security-advisories@github.com", tags: [ "Release Notes", ], url: "https://github.com/gradle/gradle/releases/tag/v8.4.0", }, { source: "security-advisories@github.com", tags: [ "Vendor Advisory", ], url: "https://github.com/gradle/gradle/security/advisories/GHSA-mrff-q8qj-xvg8", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20231110-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://github.com/gradle/gradle/releases/tag/v7.6.3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://github.com/gradle/gradle/releases/tag/v8.4.0", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://github.com/gradle/gradle/security/advisories/GHSA-mrff-q8qj-xvg8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20231110-0006/", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-611", }, ], source: "security-advisories@github.com", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2021-04-13 20:15
Modified
2024-11-21 06:01
Severity ?
8.0 (High) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. Repository content filtering is a security control Gradle introduced to help users specify what repositories are used to resolve specific dependencies. This feature was introduced in the wake of the "A Confusing Dependency" blog post. In some cases, Gradle may ignore content filters and search all repositories for dependencies. This only occurs when repository content filtering is used from within a `pluginManagement` block in a settings file. This may change how dependencies are resolved for Gradle plugins and build scripts. For builds that are vulnerable, there are two risks: 1) Information disclosure: Gradle could make dependency requests to repositories outside your organization and leak internal package identifiers. 2) Dependency poisoning/Dependency confusion: Gradle could download a malicious binary from a repository outside your organization due to name squatting. For a full example and more details refer to the referenced GitHub Security Advisory. The problem has been patched and released with Gradle 7.0. Users relying on this feature should upgrade their build as soon as possible. As a workaround, users may use a company repository which has the right rules for fetching packages from public repositories, or use project level repository content filtering, inside `buildscript.repositories`. This option is available since Gradle 5.1 when the feature was introduced.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://docs.gradle.org/7.0/release-notes.html#security-advisories | Release Notes, Vendor Advisory | |
| security-advisories@github.com | https://github.com/gradle/gradle/security/advisories/GHSA-jvmj-rh6q-x395 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.gradle.org/7.0/release-notes.html#security-advisories | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/gradle/gradle/security/advisories/GHSA-jvmj-rh6q-x395 | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gradle:gradle:*:*:*:*:*:*:*:*", matchCriteriaId: "76D1A1A2-F95B-481D-8EAE-9E54EF5B1F1B", versionEndExcluding: "7.0", versionStartIncluding: "5.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*", matchCriteriaId: "EF712520-1CFD-473A-B3F5-3CDDFE9C2C9A", versionEndIncluding: "2.2.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. Repository content filtering is a security control Gradle introduced to help users specify what repositories are used to resolve specific dependencies. This feature was introduced in the wake of the \"A Confusing Dependency\" blog post. In some cases, Gradle may ignore content filters and search all repositories for dependencies. This only occurs when repository content filtering is used from within a `pluginManagement` block in a settings file. This may change how dependencies are resolved for Gradle plugins and build scripts. For builds that are vulnerable, there are two risks: 1) Information disclosure: Gradle could make dependency requests to repositories outside your organization and leak internal package identifiers. 2) Dependency poisoning/Dependency confusion: Gradle could download a malicious binary from a repository outside your organization due to name squatting. For a full example and more details refer to the referenced GitHub Security Advisory. The problem has been patched and released with Gradle 7.0. Users relying on this feature should upgrade their build as soon as possible. As a workaround, users may use a company repository which has the right rules for fetching packages from public repositories, or use project level repository content filtering, inside `buildscript.repositories`. This option is available since Gradle 5.1 when the feature was introduced.", }, { lang: "es", value: "En Gradle desde versión 5.1 y anterior a la versión 7.0, se presenta una vulnerabilidad que puede conducir a la divulgación de información y/o envenenamiento por dependencia. El filtrado de contenido del repositorio es un control de seguridad que Gradle introdujo para ayudar a los usuarios a especificar qué repositorios se usan para resolver dependencias específicas. Esta función se introdujo a raíz de la publicación de blog \"A Confusing Dependency\". En algunos casos, Gradle puede ignorar los filtros de contenido y buscar dependencias en todos los repositorios. Esto solo ocurre cuando el filtrado de contenido del repositorio se usa dentro de un bloque `pluginManagement` en un archivo de configuración. Esto puede cambiar la forma en que se resuelven las dependencias para los plugins de Gradle y los scripts de compilación. Para las compilaciones que son vulnerables, existen dos riesgos: 1) Divulgación de información: Gradle podría realizar peticiones de dependencia a repositorios fuera de su organización y filtrar identificadores de paquetes internos. 2) Envenenamiento por Dependencia / Confusión de Dependencia: Gradle podría descargar un binario malicioso de un repositorio fuera de su organización debido a la ocupación ilegal de nombres. Para obtener un ejemplo completo y más detalles, consulte el Aviso de seguridad de GitHub al que se hace referencia. El problema se ha corregido y publicado con Gradle versión 7.0. Los usuarios que confían en esta función deben actualizar su compilación lo antes posible. Como solución alternativa, los usuarios pueden utilizar un repositorio de la empresa que tenga las reglas adecuadas para recuperar paquetes de repositorios públicos, o utilizar el filtrado de contenido del repositorio a nivel de proyecto, dentro de `buildscript.repositories`. Esta opción está disponible desde Gradle versión 5.1 cuando se introdujo la función", }, ], id: "CVE-2021-29427", lastModified: "2024-11-21T06:01:04.433", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.3, impactScore: 6, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-04-13T20:15:21.703", references: [ { source: "security-advisories@github.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://docs.gradle.org/7.0/release-notes.html#security-advisories", }, { source: "security-advisories@github.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/gradle/gradle/security/advisories/GHSA-jvmj-rh6q-x395", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://docs.gradle.org/7.0/release-notes.html#security-advisories", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/gradle/gradle/security/advisories/GHSA-jvmj-rh6q-x395", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-829", }, ], source: "security-advisories@github.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-09-24 15:15
Modified
2024-11-21 06:26
Severity ?
Summary
In Gradle Enterprise before 2021.1.3, a crafted request can trigger deserialization of arbitrary unsafe Java objects. The attacker must have the encryption and signing keys.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://security.gradle.com/advisory/2021-03 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gradle.com/advisory/2021-03 | Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gradle:gradle:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "DB3C3D7F-823A-4229-9F78-886C390F9149", versionEndExcluding: "2021.1.3", versionStartIncluding: "2017.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Gradle Enterprise before 2021.1.3, a crafted request can trigger deserialization of arbitrary unsafe Java objects. The attacker must have the encryption and signing keys.", }, { lang: "es", value: "En Gradle Enterprise versiones anteriores a 2021.1.3, una petición diseñada puede desencadenar una deserialización de objetos Java no seguros arbitrarios. El atacante debe tener las claves de cifrado y de firma.", }, ], id: "CVE-2021-41588", lastModified: "2024-11-21T06:26:28.877", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-09-24T15:15:08.890", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://security.gradle.com/advisory/2021-03", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://security.gradle.com/advisory/2021-03", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-502", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-08-14 20:15
Modified
2024-11-21 04:27
Severity ?
Summary
The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for the configured host. If that host returns a 30x redirect, Gradle also sends those credentials to all subsequent hosts that the request redirects to. This is similar to CVE-2018-1000007.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/gradle/gradle/issues/10278 | Exploit, Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://github.com/gradle/gradle/pull/10176 | Issue Tracking, Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/gradle/gradle/security/advisories/GHSA-4cwg-f7qc-6r95 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/gradle/gradle/issues/10278 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/gradle/gradle/pull/10176 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/gradle/gradle/security/advisories/GHSA-4cwg-f7qc-6r95 | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gradle:gradle:*:*:*:*:*:*:*:*", matchCriteriaId: "8B7A5A65-A668-4B9D-A69A-CA88776E1FBD", versionEndExcluding: "5.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for the configured host. If that host returns a 30x redirect, Gradle also sends those credentials to all subsequent hosts that the request redirects to. This is similar to CVE-2018-1000007.", }, { lang: "es", value: "El cliente HTTP en Gradle en versiones anteriores a la 5.6 envía las credenciales de autenticación destinadas originalmente para el host configurado. Si ese host devuelve una redirección 30x, Gradle también envía esas credenciales a todos los hosts posteriores a los que redirige la petición. Esto es similar a CVE-2018-1000007.", }, ], id: "CVE-2019-15052", lastModified: "2024-11-21T04:27:57.640", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-08-14T20:15:11.650", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/gradle/gradle/issues/10278", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/gradle/gradle/pull/10176", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/gradle/gradle/security/advisories/GHSA-4cwg-f7qc-6r95", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/gradle/gradle/issues/10278", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/gradle/gradle/pull/10176", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/gradle/gradle/security/advisories/GHSA-4cwg-f7qc-6r95", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-522", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-09-24 15:15
Modified
2024-11-21 06:26
Severity ?
Summary
In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially discover credentials for other resources.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://security.gradle.com/advisory/2021-04 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gradle.com/advisory/2021-04 | Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gradle:gradle:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "293CFC8A-8C79-407F-B030-1E1B3004CFF9", versionEndExcluding: "2021.1.3", versionStartIncluding: "2017.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially discover credentials for other resources.", }, { lang: "es", value: "En Gradle Enterprise versiones anteriores a 2021.1.3, un atacante con la capacidad de llevar a cabo ataques de tipo SSRF puede potencialmente descubrir credenciales para otros recursos.", }, ], id: "CVE-2021-41587", lastModified: "2024-11-21T06:26:28.727", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-09-24T15:15:08.840", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://security.gradle.com/advisory/2021-04", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://security.gradle.com/advisory/2021-04", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-918", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-06-30 21:15
Modified
2025-02-13 17:16
Severity ?
6.9 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Gradle is a build tool with a focus on build automation and support for multi-language development. In affected versions when unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the Gradle process has write permissions. For a build reading Tar entries from a Tar archive, this issue could allow Gradle to disclose information from sensitive files through an arbitrary file read. To exploit this behavior, an attacker needs to either control the source of an archive already used by the build or modify the build to interact with a malicious archive. It is unlikely that this would go unnoticed. A fix has been released in Gradle 7.6.2 and 8.2 to protect against this vulnerability. Starting from these versions, Gradle will refuse to handle Tar archives which contain path traversal elements in a Tar entry name. Users are advised to upgrade. There are no known workarounds for this vulnerability.
### Impact
This is a path traversal vulnerability when Gradle deals with Tar archives, often referenced as TarSlip, a variant of ZipSlip.
* When unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the Gradle process has write permissions.
* For a build reading Tar entries from a Tar archive, this issue could allow Gradle to disclose information from sensitive files through an arbitrary file read.
To exploit this behavior, an attacker needs to either control the source of an archive already used by the build or modify the build to interact with a malicious archive. It is unlikely that this would go unnoticed.
Gradle uses Tar archives for its [Build Cache](https://docs.gradle.org/current/userguide/build_cache.html). These archives are safe when created by Gradle. But if an attacker had control of a remote build cache server, they could inject malicious build cache entries that leverage this vulnerability. This attack vector could also be exploited if a man-in-the-middle can be performed between the remote cache and the build.
### Patches
A fix has been released in Gradle 7.6.2 and 8.2 to protect against this vulnerability. Starting from these versions, Gradle will refuse to handle Tar archives which contain path traversal elements in a Tar entry name.
It is recommended that users upgrade to a patched version.
### Workarounds
There is no workaround.
* If your build deals with Tar archives that you do not fully trust, you need to inspect them to confirm they do not attempt to leverage this vulnerability.
* If you use the Gradle remote build cache, make sure only trusted parties have write access to it and that connections to the remote cache are properly secured.
### References
* [CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')](https://cwe.mitre.org/data/definitions/22.html)
* [Gradle Build Cache](https://docs.gradle.org/current/userguide/build_cache.html)
* [ZipSlip](https://security.snyk.io/research/zip-slip-vulnerability)
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gradle:gradle:*:*:*:*:*:*:*:*", matchCriteriaId: "625A3013-4C8A-46A0-9559-A01BDB4C23CB", versionEndExcluding: "7.6.2", vulnerable: true, }, { criteria: "cpe:2.3:a:gradle:gradle:*:*:*:*:*:*:*:*", matchCriteriaId: "8E909D6A-5F91-434F-8506-50CBC384EAB5", versionEndExcluding: "8.2.0", versionStartIncluding: "8.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Gradle is a build tool with a focus on build automation and support for multi-language development. In affected versions when unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the Gradle process has write permissions. For a build reading Tar entries from a Tar archive, this issue could allow Gradle to disclose information from sensitive files through an arbitrary file read. To exploit this behavior, an attacker needs to either control the source of an archive already used by the build or modify the build to interact with a malicious archive. It is unlikely that this would go unnoticed. A fix has been released in Gradle 7.6.2 and 8.2 to protect against this vulnerability. Starting from these versions, Gradle will refuse to handle Tar archives which contain path traversal elements in a Tar entry name. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n\n\n\n### Impact\n\nThis is a path traversal vulnerability when Gradle deals with Tar archives, often referenced as TarSlip, a variant of ZipSlip.\n\n* When unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the Gradle process has write permissions.\n* For a build reading Tar entries from a Tar archive, this issue could allow Gradle to disclose information from sensitive files through an arbitrary file read.\n\nTo exploit this behavior, an attacker needs to either control the source of an archive already used by the build or modify the build to interact with a malicious archive. It is unlikely that this would go unnoticed.\n\nGradle uses Tar archives for its [Build Cache](https://docs.gradle.org/current/userguide/build_cache.html). These archives are safe when created by Gradle. But if an attacker had control of a remote build cache server, they could inject malicious build cache entries that leverage this vulnerability. This attack vector could also be exploited if a man-in-the-middle can be performed between the remote cache and the build.\n\n### Patches\n\nA fix has been released in Gradle 7.6.2 and 8.2 to protect against this vulnerability. Starting from these versions, Gradle will refuse to handle Tar archives which contain path traversal elements in a Tar entry name.\n\nIt is recommended that users upgrade to a patched version.\n\n### Workarounds\n\nThere is no workaround.\n\n* If your build deals with Tar archives that you do not fully trust, you need to inspect them to confirm they do not attempt to leverage this vulnerability.\n* If you use the Gradle remote build cache, make sure only trusted parties have write access to it and that connections to the remote cache are properly secured.\n\n### References\n\n* [CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')](https://cwe.mitre.org/data/definitions/22.html)\n* [Gradle Build Cache](https://docs.gradle.org/current/userguide/build_cache.html)\n* [ZipSlip](https://security.snyk.io/research/zip-slip-vulnerability)", }, ], id: "CVE-2023-35947", lastModified: "2025-02-13T17:16:40.690", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 6.9, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L", version: "3.1", }, exploitabilityScore: 1, impactScore: 5.3, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-06-30T21:15:09.147", references: [ { source: "security-advisories@github.com", tags: [ "Patch", ], url: "https://github.com/gradle/gradle/commit/1096b309520a8c315e3b6109a6526de4eabcb879", }, { source: "security-advisories@github.com", tags: [ "Patch", ], url: "https://github.com/gradle/gradle/commit/2e5c34d57d0c0b7f0e8b039a192b91e5c8249d91", }, { source: "security-advisories@github.com", tags: [ "Vendor Advisory", ], url: "https://github.com/gradle/gradle/security/advisories/GHSA-84mw-qh6q-v842", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20230803-0007/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/gradle/gradle/commit/1096b309520a8c315e3b6109a6526de4eabcb879", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/gradle/gradle/commit/2e5c34d57d0c0b7f0e8b039a192b91e5c8249d91", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://github.com/gradle/gradle/security/advisories/GHSA-84mw-qh6q-v842", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20230803-0007/", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "security-advisories@github.com", type: "Secondary", }, ], }
cve-2019-15052
Vulnerability from cvelistv5
Published
2019-08-14 19:38
Modified
2024-08-05 00:34
Severity ?
EPSS score ?
Summary
The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for the configured host. If that host returns a 30x redirect, Gradle also sends those credentials to all subsequent hosts that the request redirects to. This is similar to CVE-2018-1000007.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/gradle/gradle/pull/10176 | x_refsource_MISC | |
| https://github.com/gradle/gradle/security/advisories/GHSA-4cwg-f7qc-6r95 | x_refsource_MISC | |
| https://github.com/gradle/gradle/issues/10278 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T00:34:53.188Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/gradle/gradle/pull/10176", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/gradle/gradle/security/advisories/GHSA-4cwg-f7qc-6r95", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/gradle/gradle/issues/10278", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for the configured host. If that host returns a 30x redirect, Gradle also sends those credentials to all subsequent hosts that the request redirects to. This is similar to CVE-2018-1000007.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-09-16T17:34:59", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/gradle/gradle/pull/10176", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/gradle/gradle/security/advisories/GHSA-4cwg-f7qc-6r95", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/gradle/gradle/issues/10278", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-15052", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for the configured host. If that host returns a 30x redirect, Gradle also sends those credentials to all subsequent hosts that the request redirects to. This is similar to CVE-2018-1000007.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/gradle/gradle/pull/10176", refsource: "MISC", url: "https://github.com/gradle/gradle/pull/10176", }, { name: "https://github.com/gradle/gradle/security/advisories/GHSA-4cwg-f7qc-6r95", refsource: "MISC", url: "https://github.com/gradle/gradle/security/advisories/GHSA-4cwg-f7qc-6r95", }, { name: "https://github.com/gradle/gradle/issues/10278", refsource: "MISC", url: "https://github.com/gradle/gradle/issues/10278", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-15052", datePublished: "2019-08-14T19:38:41", dateReserved: "2019-08-14T00:00:00", dateUpdated: "2024-08-05T00:34:53.188Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-6199
Vulnerability from cvelistv5
Published
2017-02-07 15:00
Modified
2024-08-06 01:22
Severity ?
EPSS score ?
Summary
ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a crafted serialized object.
References
| ▼ | URL | Tags |
|---|---|---|
| https://philwantsfish.github.io/security/java-deserialization-github | x_refsource_MISC | |
| https://discuss.gradle.org/t/a-security-issue-about-gradle-rce/17726 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T01:22:20.677Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://philwantsfish.github.io/security/java-deserialization-github", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://discuss.gradle.org/t/a-security-issue-about-gradle-rce/17726", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-05-22T00:00:00", descriptions: [ { lang: "en", value: "ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a crafted serialized object.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-02-07T13:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://philwantsfish.github.io/security/java-deserialization-github", }, { tags: [ "x_refsource_MISC", ], url: "https://discuss.gradle.org/t/a-security-issue-about-gradle-rce/17726", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-6199", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a crafted serialized object.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://philwantsfish.github.io/security/java-deserialization-github", refsource: "MISC", url: "https://philwantsfish.github.io/security/java-deserialization-github", }, { name: "https://discuss.gradle.org/t/a-security-issue-about-gradle-rce/17726", refsource: "MISC", url: "https://discuss.gradle.org/t/a-security-issue-about-gradle-rce/17726", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-6199", datePublished: "2017-02-07T15:00:00", dateReserved: "2016-07-11T00:00:00", dateUpdated: "2024-08-06T01:22:20.677Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-41586
Vulnerability from cvelistv5
Published
2021-09-24 14:18
Modified
2024-08-04 03:15
Severity ?
EPSS score ?
Summary
In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially reset the system user password.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.gradle.com/advisory/2021-05 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T03:15:29.202Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://security.gradle.com/advisory/2021-05", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially reset the system user password.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-09-24T14:18:53", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://security.gradle.com/advisory/2021-05", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-41586", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially reset the system user password.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://security.gradle.com/advisory/2021-05", refsource: "MISC", url: "https://security.gradle.com/advisory/2021-05", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-41586", datePublished: "2021-09-24T14:18:53", dateReserved: "2021-09-24T00:00:00", dateUpdated: "2024-08-04T03:15:29.202Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-35947
Vulnerability from cvelistv5
Published
2023-06-30 20:18
Modified
2025-02-13 16:55
Severity ?
EPSS score ?
Summary
Gradle is a build tool with a focus on build automation and support for multi-language development. In affected versions when unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the Gradle process has write permissions. For a build reading Tar entries from a Tar archive, this issue could allow Gradle to disclose information from sensitive files through an arbitrary file read. To exploit this behavior, an attacker needs to either control the source of an archive already used by the build or modify the build to interact with a malicious archive. It is unlikely that this would go unnoticed. A fix has been released in Gradle 7.6.2 and 8.2 to protect against this vulnerability. Starting from these versions, Gradle will refuse to handle Tar archives which contain path traversal elements in a Tar entry name. Users are advised to upgrade. There are no known workarounds for this vulnerability.
### Impact
This is a path traversal vulnerability when Gradle deals with Tar archives, often referenced as TarSlip, a variant of ZipSlip.
* When unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the Gradle process has write permissions.
* For a build reading Tar entries from a Tar archive, this issue could allow Gradle to disclose information from sensitive files through an arbitrary file read.
To exploit this behavior, an attacker needs to either control the source of an archive already used by the build or modify the build to interact with a malicious archive. It is unlikely that this would go unnoticed.
Gradle uses Tar archives for its [Build Cache](https://docs.gradle.org/current/userguide/build_cache.html). These archives are safe when created by Gradle. But if an attacker had control of a remote build cache server, they could inject malicious build cache entries that leverage this vulnerability. This attack vector could also be exploited if a man-in-the-middle can be performed between the remote cache and the build.
### Patches
A fix has been released in Gradle 7.6.2 and 8.2 to protect against this vulnerability. Starting from these versions, Gradle will refuse to handle Tar archives which contain path traversal elements in a Tar entry name.
It is recommended that users upgrade to a patched version.
### Workarounds
There is no workaround.
* If your build deals with Tar archives that you do not fully trust, you need to inspect them to confirm they do not attempt to leverage this vulnerability.
* If you use the Gradle remote build cache, make sure only trusted parties have write access to it and that connections to the remote cache are properly secured.
### References
* [CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')](https://cwe.mitre.org/data/definitions/22.html)
* [Gradle Build Cache](https://docs.gradle.org/current/userguide/build_cache.html)
* [ZipSlip](https://security.snyk.io/research/zip-slip-vulnerability)
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:37:41.395Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/gradle/gradle/security/advisories/GHSA-84mw-qh6q-v842", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/gradle/gradle/security/advisories/GHSA-84mw-qh6q-v842", }, { name: "https://github.com/gradle/gradle/commit/1096b309520a8c315e3b6109a6526de4eabcb879", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/gradle/gradle/commit/1096b309520a8c315e3b6109a6526de4eabcb879", }, { name: "https://github.com/gradle/gradle/commit/2e5c34d57d0c0b7f0e8b039a192b91e5c8249d91", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/gradle/gradle/commit/2e5c34d57d0c0b7f0e8b039a192b91e5c8249d91", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20230803-0007/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "gradle", vendor: "gradle", versions: [ { status: "affected", version: "< 7.6.1", }, { status: "affected", version: ">= 8.0, < 8.2", }, ], }, ], descriptions: [ { lang: "en", value: "Gradle is a build tool with a focus on build automation and support for multi-language development. In affected versions when unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the Gradle process has write permissions. For a build reading Tar entries from a Tar archive, this issue could allow Gradle to disclose information from sensitive files through an arbitrary file read. To exploit this behavior, an attacker needs to either control the source of an archive already used by the build or modify the build to interact with a malicious archive. It is unlikely that this would go unnoticed. A fix has been released in Gradle 7.6.2 and 8.2 to protect against this vulnerability. Starting from these versions, Gradle will refuse to handle Tar archives which contain path traversal elements in a Tar entry name. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n\n\n\n### Impact\n\nThis is a path traversal vulnerability when Gradle deals with Tar archives, often referenced as TarSlip, a variant of ZipSlip.\n\n* When unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the Gradle process has write permissions.\n* For a build reading Tar entries from a Tar archive, this issue could allow Gradle to disclose information from sensitive files through an arbitrary file read.\n\nTo exploit this behavior, an attacker needs to either control the source of an archive already used by the build or modify the build to interact with a malicious archive. It is unlikely that this would go unnoticed.\n\nGradle uses Tar archives for its [Build Cache](https://docs.gradle.org/current/userguide/build_cache.html). These archives are safe when created by Gradle. But if an attacker had control of a remote build cache server, they could inject malicious build cache entries that leverage this vulnerability. This attack vector could also be exploited if a man-in-the-middle can be performed between the remote cache and the build.\n\n### Patches\n\nA fix has been released in Gradle 7.6.2 and 8.2 to protect against this vulnerability. Starting from these versions, Gradle will refuse to handle Tar archives which contain path traversal elements in a Tar entry name.\n\nIt is recommended that users upgrade to a patched version.\n\n### Workarounds\n\nThere is no workaround.\n\n* If your build deals with Tar archives that you do not fully trust, you need to inspect them to confirm they do not attempt to leverage this vulnerability.\n* If you use the Gradle remote build cache, make sure only trusted parties have write access to it and that connections to the remote cache are properly secured.\n\n### References\n\n* [CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')](https://cwe.mitre.org/data/definitions/22.html)\n* [Gradle Build Cache](https://docs.gradle.org/current/userguide/build_cache.html)\n* [ZipSlip](https://security.snyk.io/research/zip-slip-vulnerability)", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 6.9, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-22", description: "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-03T14:06:25.421Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/gradle/gradle/security/advisories/GHSA-84mw-qh6q-v842", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/gradle/gradle/security/advisories/GHSA-84mw-qh6q-v842", }, { name: "https://github.com/gradle/gradle/commit/1096b309520a8c315e3b6109a6526de4eabcb879", tags: [ "x_refsource_MISC", ], url: "https://github.com/gradle/gradle/commit/1096b309520a8c315e3b6109a6526de4eabcb879", }, { name: "https://github.com/gradle/gradle/commit/2e5c34d57d0c0b7f0e8b039a192b91e5c8249d91", tags: [ "x_refsource_MISC", ], url: "https://github.com/gradle/gradle/commit/2e5c34d57d0c0b7f0e8b039a192b91e5c8249d91", }, { url: "https://security.netapp.com/advisory/ntap-20230803-0007/", }, ], source: { advisory: "GHSA-84mw-qh6q-v842", discovery: "UNKNOWN", }, title: "Path traversal vulnerabilities in handling of Tar archives in Gradle", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-35947", datePublished: "2023-06-30T20:18:06.263Z", dateReserved: "2023-06-20T14:02:45.598Z", dateUpdated: "2025-02-13T16:55:57.990Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-44387
Vulnerability from cvelistv5
Published
2023-10-05 17:51
Modified
2025-02-13 17:13
Severity ?
EPSS score ?
Summary
Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving symlinked files, Gradle resolves them but applies the permissions of the symlink itself instead of the permissions of the linked file to the resulting file. This leads to files having too much permissions given that symlinks usually are world readable and writeable. While it is unlikely this results in a direct vulnerability for the impacted build, it may open up attack vectors depending on where build artifacts end up being copied to or un-archived. In versions 7.6.3, 8.4 and above, Gradle will now properly use the permissions of the file pointed at by the symlink to set permissions of the copied or archived file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/gradle/gradle/security/advisories/GHSA-43r3-pqhv-f7h9 | x_refsource_CONFIRM | |
| https://github.com/gradle/gradle/commit/3b406191e24d69e7e42dc3f3b5cc50625aa930b7 | x_refsource_MISC | |
| https://github.com/gradle/gradle/releases/tag/v7.6.3 | x_refsource_MISC | |
| https://github.com/gradle/gradle/releases/tag/v8.4.0 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20231110-0006/ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T20:07:32.921Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/gradle/gradle/security/advisories/GHSA-43r3-pqhv-f7h9", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/gradle/gradle/security/advisories/GHSA-43r3-pqhv-f7h9", }, { name: "https://github.com/gradle/gradle/commit/3b406191e24d69e7e42dc3f3b5cc50625aa930b7", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/gradle/gradle/commit/3b406191e24d69e7e42dc3f3b5cc50625aa930b7", }, { name: "https://github.com/gradle/gradle/releases/tag/v7.6.3", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/gradle/gradle/releases/tag/v7.6.3", }, { name: "https://github.com/gradle/gradle/releases/tag/v8.4.0", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/gradle/gradle/releases/tag/v8.4.0", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20231110-0006/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "gradle", vendor: "gradle", versions: [ { status: "affected", version: ">= 7.6.0, < 7.6.3", }, { status: "affected", version: "< 8.4.0", }, ], }, ], descriptions: [ { lang: "en", value: "Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving symlinked files, Gradle resolves them but applies the permissions of the symlink itself instead of the permissions of the linked file to the resulting file. This leads to files having too much permissions given that symlinks usually are world readable and writeable. While it is unlikely this results in a direct vulnerability for the impacted build, it may open up attack vectors depending on where build artifacts end up being copied to or un-archived. In versions 7.6.3, 8.4 and above, Gradle will now properly use the permissions of the file pointed at by the symlink to set permissions of the copied or archived file.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.2, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-732", description: "CWE-732: Incorrect Permission Assignment for Critical Resource", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-10T18:06:31.367Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/gradle/gradle/security/advisories/GHSA-43r3-pqhv-f7h9", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/gradle/gradle/security/advisories/GHSA-43r3-pqhv-f7h9", }, { name: "https://github.com/gradle/gradle/commit/3b406191e24d69e7e42dc3f3b5cc50625aa930b7", tags: [ "x_refsource_MISC", ], url: "https://github.com/gradle/gradle/commit/3b406191e24d69e7e42dc3f3b5cc50625aa930b7", }, { name: "https://github.com/gradle/gradle/releases/tag/v7.6.3", tags: [ "x_refsource_MISC", ], url: "https://github.com/gradle/gradle/releases/tag/v7.6.3", }, { name: "https://github.com/gradle/gradle/releases/tag/v8.4.0", tags: [ "x_refsource_MISC", ], url: "https://github.com/gradle/gradle/releases/tag/v8.4.0", }, { url: "https://security.netapp.com/advisory/ntap-20231110-0006/", }, ], source: { advisory: "GHSA-43r3-pqhv-f7h9", discovery: "UNKNOWN", }, title: "Gradle has incorrect permission assignment for symlinked files used in copy or archiving operations", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-44387", datePublished: "2023-10-05T17:51:15.407Z", dateReserved: "2023-09-28T17:56:32.613Z", dateUpdated: "2025-02-13T17:13:40.344Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-29429
Vulnerability from cvelistv5
Published
2021-04-12 21:30
Modified
2024-08-03 22:02
Severity ?
EPSS score ?
Summary
In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. Some builds could be vulnerable to a local information disclosure. Remote files accessed through TextResourceFactory are downloaded into the system temporary directory first. Sensitive information contained in these files can be exposed to other local users on the same system. If you do not use the `TextResourceFactory` API, you are not vulnerable. As of Gradle 7.0, uses of the system temporary directory have been moved to the Gradle User Home directory. By default, this directory is restricted to the user running the build. As a workaround, set a more restrictive umask that removes read access to other users. When files are created in the system temporary directory, they will not be accessible to other users. If you are unable to change your system's umask, you can move the Java temporary directory by setting the System Property `java.io.tmpdir`. The new path needs to limit permissions to the build user only.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/gradle/gradle/security/advisories/GHSA-fp8h-qmr5-j4c8 | x_refsource_CONFIRM | |
| https://docs.gradle.org/7.0/release-notes.html#security-advisories | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T22:02:51.929Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/gradle/gradle/security/advisories/GHSA-fp8h-qmr5-j4c8", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://docs.gradle.org/7.0/release-notes.html#security-advisories", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "gradle", vendor: "gradle", versions: [ { status: "affected", version: "< 7.0", }, ], }, ], descriptions: [ { lang: "en", value: "In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. Some builds could be vulnerable to a local information disclosure. Remote files accessed through TextResourceFactory are downloaded into the system temporary directory first. Sensitive information contained in these files can be exposed to other local users on the same system. If you do not use the `TextResourceFactory` API, you are not vulnerable. As of Gradle 7.0, uses of the system temporary directory have been moved to the Gradle User Home directory. By default, this directory is restricted to the user running the build. As a workaround, set a more restrictive umask that removes read access to other users. When files are created in the system temporary directory, they will not be accessible to other users. If you are unable to change your system's umask, you can move the Java temporary directory by setting the System Property `java.io.tmpdir`. The new path needs to limit permissions to the build user only.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-377", description: "CWE-377 Insecure Temporary File", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-04-12T21:30:12", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/gradle/gradle/security/advisories/GHSA-fp8h-qmr5-j4c8", }, { tags: [ "x_refsource_MISC", ], url: "https://docs.gradle.org/7.0/release-notes.html#security-advisories", }, ], source: { advisory: "GHSA-fp8h-qmr5-j4c8", discovery: "UNKNOWN", }, title: "Information disclosure through temporary directory permissions", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2021-29429", STATE: "PUBLIC", TITLE: "Information disclosure through temporary directory permissions", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "gradle", version: { version_data: [ { version_value: "< 7.0", }, ], }, }, ], }, vendor_name: "gradle", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. Some builds could be vulnerable to a local information disclosure. Remote files accessed through TextResourceFactory are downloaded into the system temporary directory first. Sensitive information contained in these files can be exposed to other local users on the same system. If you do not use the `TextResourceFactory` API, you are not vulnerable. As of Gradle 7.0, uses of the system temporary directory have been moved to the Gradle User Home directory. By default, this directory is restricted to the user running the build. As a workaround, set a more restrictive umask that removes read access to other users. When files are created in the system temporary directory, they will not be accessible to other users. If you are unable to change your system's umask, you can move the Java temporary directory by setting the System Property `java.io.tmpdir`. The new path needs to limit permissions to the build user only.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-377 Insecure Temporary File", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/gradle/gradle/security/advisories/GHSA-fp8h-qmr5-j4c8", refsource: "CONFIRM", url: "https://github.com/gradle/gradle/security/advisories/GHSA-fp8h-qmr5-j4c8", }, { name: "https://docs.gradle.org/7.0/release-notes.html#security-advisories", refsource: "MISC", url: "https://docs.gradle.org/7.0/release-notes.html#security-advisories", }, ], }, source: { advisory: "GHSA-fp8h-qmr5-j4c8", discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2021-29429", datePublished: "2021-04-12T21:30:12", dateReserved: "2021-03-30T00:00:00", dateUpdated: "2024-08-03T22:02:51.929Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-30586
Vulnerability from cvelistv5
Published
2022-06-06 18:33
Modified
2024-08-03 06:56
Severity ?
EPSS score ?
Summary
Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.gradle.com | x_refsource_MISC | |
| https://security.gradle.com/advisory/2022-09 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T06:56:13.120Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://security.gradle.com", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://security.gradle.com/advisory/2022-09", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to code execution.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-06-06T18:33:45", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://security.gradle.com", }, { tags: [ "x_refsource_MISC", ], url: "https://security.gradle.com/advisory/2022-09", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-30586", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to code execution.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://security.gradle.com", refsource: "MISC", url: "https://security.gradle.com", }, { name: "https://security.gradle.com/advisory/2022-09", refsource: "MISC", url: "https://security.gradle.com/advisory/2022-09", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-30586", datePublished: "2022-06-06T18:33:45", dateReserved: "2022-05-11T00:00:00", dateUpdated: "2024-08-03T06:56:13.120Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-41588
Vulnerability from cvelistv5
Published
2021-09-24 14:18
Modified
2024-08-04 03:15
Severity ?
EPSS score ?
Summary
In Gradle Enterprise before 2021.1.3, a crafted request can trigger deserialization of arbitrary unsafe Java objects. The attacker must have the encryption and signing keys.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.gradle.com/advisory/2021-03 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T03:15:28.927Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://security.gradle.com/advisory/2021-03", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In Gradle Enterprise before 2021.1.3, a crafted request can trigger deserialization of arbitrary unsafe Java objects. The attacker must have the encryption and signing keys.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-09-24T14:18:31", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://security.gradle.com/advisory/2021-03", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-41588", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Gradle Enterprise before 2021.1.3, a crafted request can trigger deserialization of arbitrary unsafe Java objects. The attacker must have the encryption and signing keys.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://security.gradle.com/advisory/2021-03", refsource: "MISC", url: "https://security.gradle.com/advisory/2021-03", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-41588", datePublished: "2021-09-24T14:18:31", dateReserved: "2021-09-24T00:00:00", dateUpdated: "2024-08-04T03:15:28.927Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-41584
Vulnerability from cvelistv5
Published
2021-09-24 02:57
Modified
2024-08-04 03:15
Severity ?
EPSS score ?
Summary
Gradle Enterprise before 2021.1.3 can allow unauthorized viewing of a response (information disclosure of possibly sensitive build/configuration details) via a crafted HTTP request with the X-Gradle-Enterprise-Ajax-Request header.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.gradle.com/advisory/2021-02 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T03:15:28.971Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://security.gradle.com/advisory/2021-02", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Gradle Enterprise before 2021.1.3 can allow unauthorized viewing of a response (information disclosure of possibly sensitive build/configuration details) via a crafted HTTP request with the X-Gradle-Enterprise-Ajax-Request header.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-09-24T02:57:12", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://security.gradle.com/advisory/2021-02", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-41584", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Gradle Enterprise before 2021.1.3 can allow unauthorized viewing of a response (information disclosure of possibly sensitive build/configuration details) via a crafted HTTP request with the X-Gradle-Enterprise-Ajax-Request header.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://security.gradle.com/advisory/2021-02", refsource: "MISC", url: "https://security.gradle.com/advisory/2021-02", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-41584", datePublished: "2021-09-24T02:57:12", dateReserved: "2021-09-24T00:00:00", dateUpdated: "2024-08-04T03:15:28.971Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-32751
Vulnerability from cvelistv5
Published
2021-07-20 22:55
Modified
2024-08-03 23:33
Severity ?
EPSS score ?
Summary
Gradle is a build tool with a focus on build automation. In versions prior to 7.2, start scripts generated by the `application` plugin and the `gradlew` script are both vulnerable to arbitrary code execution when an attacker is able to change environment variables for the user running the script. This may impact those who use `gradlew` on Unix-like systems or use the scripts generated by Gradle in thieir application on Unix-like systems. For this vulnerability to be exploitable, an attacker needs to be able to set the value of particular environment variables and have those environment variables be seen by the vulnerable scripts. This issue has been patched in Gradle 7.2 by removing the use of `eval` and requiring the use of the `bash` shell. There are a few workarounds available. For CI/CD systems using the Gradle build tool, one may ensure that untrusted users are unable to change environment variables for the user that executes `gradlew`. If one is unable to upgrade to Gradle 7.2, one may generate a new `gradlew` script with Gradle 7.2 and use it for older versions of Gradle. Fpplications using start scripts generated by Gradle, one may ensure that untrusted users are unable to change environment variables for the user that executes the start script. A vulnerable start script could be manually patched to remove the use of `eval` or the use of environment variables that affect the application's command-line. If the application is simple enough, one may be able to avoid the use of the start scripts by running the application directly with Java command.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/gradle/gradle/security/advisories/GHSA-6j2p-252f-7mw8 | x_refsource_CONFIRM | |
| https://medium.com/dot-debug/the-perils-of-bash-eval-cc5f9e309cae | x_refsource_MISC | |
| https://mywiki.wooledge.org/BashFAQ/048 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T23:33:55.749Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/gradle/gradle/security/advisories/GHSA-6j2p-252f-7mw8", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://medium.com/dot-debug/the-perils-of-bash-eval-cc5f9e309cae", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://mywiki.wooledge.org/BashFAQ/048", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "gradle", vendor: "gradle", versions: [ { status: "affected", version: "< 7.2", }, ], }, ], descriptions: [ { lang: "en", value: "Gradle is a build tool with a focus on build automation. In versions prior to 7.2, start scripts generated by the `application` plugin and the `gradlew` script are both vulnerable to arbitrary code execution when an attacker is able to change environment variables for the user running the script. This may impact those who use `gradlew` on Unix-like systems or use the scripts generated by Gradle in thieir application on Unix-like systems. For this vulnerability to be exploitable, an attacker needs to be able to set the value of particular environment variables and have those environment variables be seen by the vulnerable scripts. This issue has been patched in Gradle 7.2 by removing the use of `eval` and requiring the use of the `bash` shell. There are a few workarounds available. For CI/CD systems using the Gradle build tool, one may ensure that untrusted users are unable to change environment variables for the user that executes `gradlew`. If one is unable to upgrade to Gradle 7.2, one may generate a new `gradlew` script with Gradle 7.2 and use it for older versions of Gradle. Fpplications using start scripts generated by Gradle, one may ensure that untrusted users are unable to change environment variables for the user that executes the start script. A vulnerable start script could be manually patched to remove the use of `eval` or the use of environment variables that affect the application's command-line. If the application is simple enough, one may be able to avoid the use of the start scripts by running the application directly with Java command.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-20T22:55:12", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/gradle/gradle/security/advisories/GHSA-6j2p-252f-7mw8", }, { tags: [ "x_refsource_MISC", ], url: "https://medium.com/dot-debug/the-perils-of-bash-eval-cc5f9e309cae", }, { tags: [ "x_refsource_MISC", ], url: "https://mywiki.wooledge.org/BashFAQ/048", }, ], source: { advisory: "GHSA-6j2p-252f-7mw8", discovery: "UNKNOWN", }, title: "Arbitrary code execution via specially crafted environment variables", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2021-32751", STATE: "PUBLIC", TITLE: "Arbitrary code execution via specially crafted environment variables", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "gradle", version: { version_data: [ { version_value: "< 7.2", }, ], }, }, ], }, vendor_name: "gradle", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Gradle is a build tool with a focus on build automation. In versions prior to 7.2, start scripts generated by the `application` plugin and the `gradlew` script are both vulnerable to arbitrary code execution when an attacker is able to change environment variables for the user running the script. This may impact those who use `gradlew` on Unix-like systems or use the scripts generated by Gradle in thieir application on Unix-like systems. For this vulnerability to be exploitable, an attacker needs to be able to set the value of particular environment variables and have those environment variables be seen by the vulnerable scripts. This issue has been patched in Gradle 7.2 by removing the use of `eval` and requiring the use of the `bash` shell. There are a few workarounds available. For CI/CD systems using the Gradle build tool, one may ensure that untrusted users are unable to change environment variables for the user that executes `gradlew`. If one is unable to upgrade to Gradle 7.2, one may generate a new `gradlew` script with Gradle 7.2 and use it for older versions of Gradle. Fpplications using start scripts generated by Gradle, one may ensure that untrusted users are unable to change environment variables for the user that executes the start script. A vulnerable start script could be manually patched to remove the use of `eval` or the use of environment variables that affect the application's command-line. If the application is simple enough, one may be able to avoid the use of the start scripts by running the application directly with Java command.", }, ], }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/gradle/gradle/security/advisories/GHSA-6j2p-252f-7mw8", refsource: "CONFIRM", url: "https://github.com/gradle/gradle/security/advisories/GHSA-6j2p-252f-7mw8", }, { name: "https://medium.com/dot-debug/the-perils-of-bash-eval-cc5f9e309cae", refsource: "MISC", url: "https://medium.com/dot-debug/the-perils-of-bash-eval-cc5f9e309cae", }, { name: "https://mywiki.wooledge.org/BashFAQ/048", refsource: "MISC", url: "https://mywiki.wooledge.org/BashFAQ/048", }, ], }, source: { advisory: "GHSA-6j2p-252f-7mw8", discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2021-32751", datePublished: "2021-07-20T22:55:12", dateReserved: "2021-05-12T00:00:00", dateUpdated: "2024-08-03T23:33:55.749Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-35946
Vulnerability from cvelistv5
Published
2023-06-30 20:21
Modified
2025-02-13 16:55
Severity ?
EPSS score ?
Summary
Gradle is a build tool with a focus on build automation and support for multi-language development. When Gradle writes a dependency into its dependency cache, it uses the dependency's coordinates to compute a file location. With specially crafted dependency coordinates, Gradle can be made to write files into an unintended location. The file may be written outside the dependency cache or over another file in the dependency cache. This vulnerability could be used to poison the dependency cache or overwrite important files elsewhere on the filesystem where the Gradle process has write permissions. Exploiting this vulnerability requires an attacker to have control over a dependency repository used by the Gradle build or have the ability to modify the build's configuration. It is unlikely that this would go unnoticed. A fix has been released in Gradle 7.6.2 and 8.2 to protect against this vulnerability. Gradle will refuse to cache dependencies that have path traversal elements in their dependency coordinates. It is recommended that users upgrade to a patched version. If you are unable to upgrade to Gradle 7.6.2 or 8.2, `dependency verification` will make this vulnerability more difficult to exploit.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:37:41.227Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/gradle/gradle/security/advisories/GHSA-2h6c-rv6q-494v", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/gradle/gradle/security/advisories/GHSA-2h6c-rv6q-494v", }, { name: "https://github.com/gradle/gradle/commit/859eae2b2acf751ae7db3c9ffefe275aa5da0d5d", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/gradle/gradle/commit/859eae2b2acf751ae7db3c9ffefe275aa5da0d5d", }, { name: "https://github.com/gradle/gradle/commit/b07e528feb3a5ffa66bdcc358549edd73e4c8a12", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/gradle/gradle/commit/b07e528feb3a5ffa66bdcc358549edd73e4c8a12", }, { name: "https://docs.gradle.org/current/userguide/dependency_verification.html", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://docs.gradle.org/current/userguide/dependency_verification.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20230731-0003/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "gradle", vendor: "gradle", versions: [ { status: "affected", version: "< 7.6.2", }, { status: "affected", version: ">= 8.0, < 8.2", }, ], }, ], descriptions: [ { lang: "en", value: "Gradle is a build tool with a focus on build automation and support for multi-language development. When Gradle writes a dependency into its dependency cache, it uses the dependency's coordinates to compute a file location. With specially crafted dependency coordinates, Gradle can be made to write files into an unintended location. The file may be written outside the dependency cache or over another file in the dependency cache. This vulnerability could be used to poison the dependency cache or overwrite important files elsewhere on the filesystem where the Gradle process has write permissions. Exploiting this vulnerability requires an attacker to have control over a dependency repository used by the Gradle build or have the ability to modify the build's configuration. It is unlikely that this would go unnoticed. A fix has been released in Gradle 7.6.2 and 8.2 to protect against this vulnerability. Gradle will refuse to cache dependencies that have path traversal elements in their dependency coordinates. It is recommended that users upgrade to a patched version. If you are unable to upgrade to Gradle 7.6.2 or 8.2, `dependency verification` will make this vulnerability more difficult to exploit.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 6.9, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-22", description: "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-31T18:06:14.675Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/gradle/gradle/security/advisories/GHSA-2h6c-rv6q-494v", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/gradle/gradle/security/advisories/GHSA-2h6c-rv6q-494v", }, { name: "https://github.com/gradle/gradle/commit/859eae2b2acf751ae7db3c9ffefe275aa5da0d5d", tags: [ "x_refsource_MISC", ], url: "https://github.com/gradle/gradle/commit/859eae2b2acf751ae7db3c9ffefe275aa5da0d5d", }, { name: "https://github.com/gradle/gradle/commit/b07e528feb3a5ffa66bdcc358549edd73e4c8a12", tags: [ "x_refsource_MISC", ], url: "https://github.com/gradle/gradle/commit/b07e528feb3a5ffa66bdcc358549edd73e4c8a12", }, { name: "https://docs.gradle.org/current/userguide/dependency_verification.html", tags: [ "x_refsource_MISC", ], url: "https://docs.gradle.org/current/userguide/dependency_verification.html", }, { url: "https://security.netapp.com/advisory/ntap-20230731-0003/", }, ], source: { advisory: "GHSA-2h6c-rv6q-494v", discovery: "UNKNOWN", }, title: "Dependency cache path traversal in Gradle", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-35946", datePublished: "2023-06-30T20:21:17.219Z", dateReserved: "2023-06-20T14:02:45.598Z", dateUpdated: "2025-02-13T16:55:57.371Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-16370
Vulnerability from cvelistv5
Published
2019-09-16 17:50
Modified
2024-08-05 01:10
Severity ?
EPSS score ?
Summary
The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/gradle/gradle/pull/10543 | x_refsource_MISC | |
| https://github.com/gradle/gradle/commit/425b2b7a50cd84106a77cdf1ab665c89c6b14d2f | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T01:10:41.829Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/gradle/gradle/pull/10543", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/gradle/gradle/commit/425b2b7a50cd84106a77cdf1ab665c89c6b14d2f", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-09-16T17:50:28", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/gradle/gradle/pull/10543", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/gradle/gradle/commit/425b2b7a50cd84106a77cdf1ab665c89c6b14d2f", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-16370", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/gradle/gradle/pull/10543", refsource: "MISC", url: "https://github.com/gradle/gradle/pull/10543", }, { name: "https://github.com/gradle/gradle/commit/425b2b7a50cd84106a77cdf1ab665c89c6b14d2f", refsource: "MISC", url: "https://github.com/gradle/gradle/commit/425b2b7a50cd84106a77cdf1ab665c89c6b14d2f", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-16370", datePublished: "2019-09-16T17:50:28", dateReserved: "2019-09-16T00:00:00", dateUpdated: "2024-08-05T01:10:41.829Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-29428
Vulnerability from cvelistv5
Published
2021-04-13 17:55
Modified
2024-08-03 22:02
Severity ?
EPSS score ?
Summary
In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreating files in the system temporary directory. This vulnerability impacted builds using precompiled script plugins written in Kotlin DSL and tests for Gradle plugins written using ProjectBuilder or TestKit. If you are on Windows or modern versions of macOS, you are not vulnerable. If you are on a Unix-like operating system with the "sticky" bit set on your system temporary directory, you are not vulnerable. The problem has been patched and released with Gradle 7.0. As a workaround, on Unix-like operating systems, ensure that the "sticky" bit is set. This only allows the original user (or root) to delete a file. If you are unable to change the permissions of the system temporary directory, you can move the Java temporary directory by setting the System Property `java.io.tmpdir`. The new path needs to limit permissions to the build user only. For additional details refer to the referenced GitHub Security Advisory.
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.gradle.org/7.0/release-notes.html#security-advisories | x_refsource_MISC | |
| https://github.com/gradle/gradle/security/advisories/GHSA-89qm-pxvm-p336 | x_refsource_CONFIRM | |
| https://github.com/gradle/gradle/pull/15654 | x_refsource_MISC | |
| https://github.com/gradle/gradle/pull/15240 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T22:02:51.887Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://docs.gradle.org/7.0/release-notes.html#security-advisories", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/gradle/gradle/security/advisories/GHSA-89qm-pxvm-p336", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/gradle/gradle/pull/15654", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/gradle/gradle/pull/15240", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "gradle", vendor: "gradle", versions: [ { status: "affected", version: "< 7.0", }, ], }, ], descriptions: [ { lang: "en", value: "In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreating files in the system temporary directory. This vulnerability impacted builds using precompiled script plugins written in Kotlin DSL and tests for Gradle plugins written using ProjectBuilder or TestKit. If you are on Windows or modern versions of macOS, you are not vulnerable. If you are on a Unix-like operating system with the \"sticky\" bit set on your system temporary directory, you are not vulnerable. The problem has been patched and released with Gradle 7.0. As a workaround, on Unix-like operating systems, ensure that the \"sticky\" bit is set. This only allows the original user (or root) to delete a file. If you are unable to change the permissions of the system temporary directory, you can move the Java temporary directory by setting the System Property `java.io.tmpdir`. The new path needs to limit permissions to the build user only. For additional details refer to the referenced GitHub Security Advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-379", description: "CWE-379 Creation of Temporary File in Directory with Incorrect Permissions", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-378", description: "CWE-378: Creation of Temporary File With Insecure Permissions", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-04-13T17:55:18", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://docs.gradle.org/7.0/release-notes.html#security-advisories", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/gradle/gradle/security/advisories/GHSA-89qm-pxvm-p336", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/gradle/gradle/pull/15654", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/gradle/gradle/pull/15240", }, ], source: { advisory: "GHSA-89qm-pxvm-p336", discovery: "UNKNOWN", }, title: "Local privilege escalation through system temporary directory", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2021-29428", STATE: "PUBLIC", TITLE: "Local privilege escalation through system temporary directory", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "gradle", version: { version_data: [ { version_value: "< 7.0", }, ], }, }, ], }, vendor_name: "gradle", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreating files in the system temporary directory. This vulnerability impacted builds using precompiled script plugins written in Kotlin DSL and tests for Gradle plugins written using ProjectBuilder or TestKit. If you are on Windows or modern versions of macOS, you are not vulnerable. If you are on a Unix-like operating system with the \"sticky\" bit set on your system temporary directory, you are not vulnerable. The problem has been patched and released with Gradle 7.0. As a workaround, on Unix-like operating systems, ensure that the \"sticky\" bit is set. This only allows the original user (or root) to delete a file. If you are unable to change the permissions of the system temporary directory, you can move the Java temporary directory by setting the System Property `java.io.tmpdir`. The new path needs to limit permissions to the build user only. For additional details refer to the referenced GitHub Security Advisory.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-379 Creation of Temporary File in Directory with Incorrect Permissions", }, ], }, { description: [ { lang: "eng", value: "CWE-378: Creation of Temporary File With Insecure Permissions", }, ], }, ], }, references: { reference_data: [ { name: "https://docs.gradle.org/7.0/release-notes.html#security-advisories", refsource: "MISC", url: "https://docs.gradle.org/7.0/release-notes.html#security-advisories", }, { name: "https://github.com/gradle/gradle/security/advisories/GHSA-89qm-pxvm-p336", refsource: "CONFIRM", url: "https://github.com/gradle/gradle/security/advisories/GHSA-89qm-pxvm-p336", }, { name: "https://github.com/gradle/gradle/pull/15654", refsource: "MISC", url: "https://github.com/gradle/gradle/pull/15654", }, { name: "https://github.com/gradle/gradle/pull/15240", refsource: "MISC", url: "https://github.com/gradle/gradle/pull/15240", }, ], }, source: { advisory: "GHSA-89qm-pxvm-p336", discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2021-29428", datePublished: "2021-04-13T17:55:18", dateReserved: "2021-03-30T00:00:00", dateUpdated: "2024-08-03T22:02:51.887Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-41587
Vulnerability from cvelistv5
Published
2021-09-24 14:18
Modified
2024-08-04 03:15
Severity ?
EPSS score ?
Summary
In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially discover credentials for other resources.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.gradle.com/advisory/2021-04 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T03:15:29.200Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://security.gradle.com/advisory/2021-04", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially discover credentials for other resources.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-09-24T14:18:43", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://security.gradle.com/advisory/2021-04", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-41587", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially discover credentials for other resources.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://security.gradle.com/advisory/2021-04", refsource: "MISC", url: "https://security.gradle.com/advisory/2021-04", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-41587", datePublished: "2021-09-24T14:18:43", dateReserved: "2021-09-24T00:00:00", dateUpdated: "2024-08-04T03:15:29.200Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-31156
Vulnerability from cvelistv5
Published
2022-07-14 20:05
Modified
2024-08-03 07:11
Severity ?
EPSS score ?
Summary
Gradle is a build tool. Dependency verification is a security feature in Gradle Build Tool that was introduced to allow validation of external dependencies either through their checksum or cryptographic signatures. In versions 6.2 through 7.4.2, there are some cases in which Gradle may skip that verification and accept a dependency that would otherwise fail the build as an untrusted external artifact. This can occur in two ways. When signature verification is disabled but the verification metadata contains entries for dependencies that only have a `gpg` element but no `checksum` element. When signature verification is enabled, the verification metadata contains entries for dependencies with a `gpg` element but there is no signature file on the remote repository. In both cases, the verification will accept the dependency, skipping signature verification and not complaining that the dependency has no checksum entry. For builds that are vulnerable, there are two risks. Gradle could download a malicious binary from a repository outside your organization due to name squatting. For those still using HTTP only and not HTTPS for downloading dependencies, the build could download a malicious library instead of the expected one. Gradle 7.5 patches this issue by making sure to run checksum verification if signature verification cannot be completed, whatever the reason. Two workarounds are available: Remove all `gpg` elements from dependency verification metadata if you disable signature validation and/or avoid adding `gpg` entries for dependencies that do not have signature files.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/gradle/gradle/security/advisories/GHSA-j6wc-xfg8-jx2j | x_refsource_CONFIRM | |
| https://docs.gradle.org/7.5/release-notes.html | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T07:11:39.622Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/gradle/gradle/security/advisories/GHSA-j6wc-xfg8-jx2j", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://docs.gradle.org/7.5/release-notes.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "gradle", vendor: "gradle", versions: [ { status: "affected", version: ">= 6.2, <= 7.4.2", }, ], }, ], descriptions: [ { lang: "en", value: "Gradle is a build tool. Dependency verification is a security feature in Gradle Build Tool that was introduced to allow validation of external dependencies either through their checksum or cryptographic signatures. In versions 6.2 through 7.4.2, there are some cases in which Gradle may skip that verification and accept a dependency that would otherwise fail the build as an untrusted external artifact. This can occur in two ways. When signature verification is disabled but the verification metadata contains entries for dependencies that only have a `gpg` element but no `checksum` element. When signature verification is enabled, the verification metadata contains entries for dependencies with a `gpg` element but there is no signature file on the remote repository. In both cases, the verification will accept the dependency, skipping signature verification and not complaining that the dependency has no checksum entry. For builds that are vulnerable, there are two risks. Gradle could download a malicious binary from a repository outside your organization due to name squatting. For those still using HTTP only and not HTTPS for downloading dependencies, the build could download a malicious library instead of the expected one. Gradle 7.5 patches this issue by making sure to run checksum verification if signature verification cannot be completed, whatever the reason. Two workarounds are available: Remove all `gpg` elements from dependency verification metadata if you disable signature validation and/or avoid adding `gpg` entries for dependencies that do not have signature files.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-829", description: "CWE-829: Inclusion of Functionality from Untrusted Control Sphere", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-14T20:05:11", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/gradle/gradle/security/advisories/GHSA-j6wc-xfg8-jx2j", }, { tags: [ "x_refsource_MISC", ], url: "https://docs.gradle.org/7.5/release-notes.html", }, ], source: { advisory: "GHSA-j6wc-xfg8-jx2j", discovery: "UNKNOWN", }, title: "Gradle's dependency verification can ignore checksum verification when signature verification cannot be performed", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2022-31156", STATE: "PUBLIC", TITLE: "Gradle's dependency verification can ignore checksum verification when signature verification cannot be performed", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "gradle", version: { version_data: [ { version_value: ">= 6.2, <= 7.4.2", }, ], }, }, ], }, vendor_name: "gradle", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Gradle is a build tool. Dependency verification is a security feature in Gradle Build Tool that was introduced to allow validation of external dependencies either through their checksum or cryptographic signatures. In versions 6.2 through 7.4.2, there are some cases in which Gradle may skip that verification and accept a dependency that would otherwise fail the build as an untrusted external artifact. This can occur in two ways. When signature verification is disabled but the verification metadata contains entries for dependencies that only have a `gpg` element but no `checksum` element. When signature verification is enabled, the verification metadata contains entries for dependencies with a `gpg` element but there is no signature file on the remote repository. In both cases, the verification will accept the dependency, skipping signature verification and not complaining that the dependency has no checksum entry. For builds that are vulnerable, there are two risks. Gradle could download a malicious binary from a repository outside your organization due to name squatting. For those still using HTTP only and not HTTPS for downloading dependencies, the build could download a malicious library instead of the expected one. Gradle 7.5 patches this issue by making sure to run checksum verification if signature verification cannot be completed, whatever the reason. Two workarounds are available: Remove all `gpg` elements from dependency verification metadata if you disable signature validation and/or avoid adding `gpg` entries for dependencies that do not have signature files.", }, ], }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-829: Inclusion of Functionality from Untrusted Control Sphere", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/gradle/gradle/security/advisories/GHSA-j6wc-xfg8-jx2j", refsource: "CONFIRM", url: "https://github.com/gradle/gradle/security/advisories/GHSA-j6wc-xfg8-jx2j", }, { name: "https://docs.gradle.org/7.5/release-notes.html", refsource: "MISC", url: "https://docs.gradle.org/7.5/release-notes.html", }, ], }, source: { advisory: "GHSA-j6wc-xfg8-jx2j", discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2022-31156", datePublished: "2022-07-14T20:05:11", dateReserved: "2022-05-18T00:00:00", dateUpdated: "2024-08-03T07:11:39.622Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-29427
Vulnerability from cvelistv5
Published
2021-04-13 17:55
Modified
2024-08-03 22:02
Severity ?
EPSS score ?
Summary
In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. Repository content filtering is a security control Gradle introduced to help users specify what repositories are used to resolve specific dependencies. This feature was introduced in the wake of the "A Confusing Dependency" blog post. In some cases, Gradle may ignore content filters and search all repositories for dependencies. This only occurs when repository content filtering is used from within a `pluginManagement` block in a settings file. This may change how dependencies are resolved for Gradle plugins and build scripts. For builds that are vulnerable, there are two risks: 1) Information disclosure: Gradle could make dependency requests to repositories outside your organization and leak internal package identifiers. 2) Dependency poisoning/Dependency confusion: Gradle could download a malicious binary from a repository outside your organization due to name squatting. For a full example and more details refer to the referenced GitHub Security Advisory. The problem has been patched and released with Gradle 7.0. Users relying on this feature should upgrade their build as soon as possible. As a workaround, users may use a company repository which has the right rules for fetching packages from public repositories, or use project level repository content filtering, inside `buildscript.repositories`. This option is available since Gradle 5.1 when the feature was introduced.
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.gradle.org/7.0/release-notes.html#security-advisories | x_refsource_MISC | |
| https://github.com/gradle/gradle/security/advisories/GHSA-jvmj-rh6q-x395 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T22:02:51.882Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://docs.gradle.org/7.0/release-notes.html#security-advisories", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/gradle/gradle/security/advisories/GHSA-jvmj-rh6q-x395", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "gradle", vendor: "gradle", versions: [ { status: "affected", version: ">= 5.1, <= 6.8.3", }, ], }, ], descriptions: [ { lang: "en", value: "In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. Repository content filtering is a security control Gradle introduced to help users specify what repositories are used to resolve specific dependencies. This feature was introduced in the wake of the \"A Confusing Dependency\" blog post. In some cases, Gradle may ignore content filters and search all repositories for dependencies. This only occurs when repository content filtering is used from within a `pluginManagement` block in a settings file. This may change how dependencies are resolved for Gradle plugins and build scripts. For builds that are vulnerable, there are two risks: 1) Information disclosure: Gradle could make dependency requests to repositories outside your organization and leak internal package identifiers. 2) Dependency poisoning/Dependency confusion: Gradle could download a malicious binary from a repository outside your organization due to name squatting. For a full example and more details refer to the referenced GitHub Security Advisory. The problem has been patched and released with Gradle 7.0. Users relying on this feature should upgrade their build as soon as possible. As a workaround, users may use a company repository which has the right rules for fetching packages from public repositories, or use project level repository content filtering, inside `buildscript.repositories`. This option is available since Gradle 5.1 when the feature was introduced.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-829", description: "CWE-829 Inclusion of Functionality from Untrusted Control Sphere", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-04-13T17:55:24", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://docs.gradle.org/7.0/release-notes.html#security-advisories", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/gradle/gradle/security/advisories/GHSA-jvmj-rh6q-x395", }, ], source: { advisory: "GHSA-jvmj-rh6q-x395", discovery: "UNKNOWN", }, title: "Repository content filters do not work in Settings pluginManagement", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2021-29427", STATE: "PUBLIC", TITLE: "Repository content filters do not work in Settings pluginManagement", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "gradle", version: { version_data: [ { version_value: ">= 5.1, <= 6.8.3", }, ], }, }, ], }, vendor_name: "gradle", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. Repository content filtering is a security control Gradle introduced to help users specify what repositories are used to resolve specific dependencies. This feature was introduced in the wake of the \"A Confusing Dependency\" blog post. In some cases, Gradle may ignore content filters and search all repositories for dependencies. This only occurs when repository content filtering is used from within a `pluginManagement` block in a settings file. This may change how dependencies are resolved for Gradle plugins and build scripts. For builds that are vulnerable, there are two risks: 1) Information disclosure: Gradle could make dependency requests to repositories outside your organization and leak internal package identifiers. 2) Dependency poisoning/Dependency confusion: Gradle could download a malicious binary from a repository outside your organization due to name squatting. For a full example and more details refer to the referenced GitHub Security Advisory. The problem has been patched and released with Gradle 7.0. Users relying on this feature should upgrade their build as soon as possible. As a workaround, users may use a company repository which has the right rules for fetching packages from public repositories, or use project level repository content filtering, inside `buildscript.repositories`. This option is available since Gradle 5.1 when the feature was introduced.", }, ], }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-829 Inclusion of Functionality from Untrusted Control Sphere", }, ], }, ], }, references: { reference_data: [ { name: "https://docs.gradle.org/7.0/release-notes.html#security-advisories", refsource: "MISC", url: "https://docs.gradle.org/7.0/release-notes.html#security-advisories", }, { name: "https://github.com/gradle/gradle/security/advisories/GHSA-jvmj-rh6q-x395", refsource: "CONFIRM", url: "https://github.com/gradle/gradle/security/advisories/GHSA-jvmj-rh6q-x395", }, ], }, source: { advisory: "GHSA-jvmj-rh6q-x395", discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2021-29427", datePublished: "2021-04-13T17:55:24", dateReserved: "2021-03-30T00:00:00", dateUpdated: "2024-08-03T22:02:51.882Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-26053
Vulnerability from cvelistv5
Published
2023-03-02 03:11
Modified
2025-03-05 21:15
Severity ?
EPSS score ?
Summary
Gradle is a build tool with a focus on build automation and support for multi-language development. This is a collision attack on long IDs (64bits) for PGP keys. Users of dependency verification in Gradle are vulnerable if they use long IDs for PGP keys in a `trusted-key` or `pgp` element in their dependency verification metadata file. The fix is to fail dependency verification if anything but a fingerprint is used in a trust element in dependency verification metadata. The problem is fixed in Gradle 8.0 and above. The problem is also patched in Gradle 6.9.4 and 7.6.1. As a workaround, use only full fingerprint IDs for `trusted-key` or `pgp` element in the metadata is a protection against this issue.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T11:39:06.583Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/gradle/gradle/security/advisories/GHSA-c724-3xg7-g3hf", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/gradle/gradle/security/advisories/GHSA-c724-3xg7-g3hf", }, { name: "https://github.com/gradle/gradle/commit/bf3cc0f2b463033037e67aaacda31291643ea1a9", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/gradle/gradle/commit/bf3cc0f2b463033037e67aaacda31291643ea1a9", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20230413-0002/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-26053", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-05T21:15:32.231102Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-05T21:15:36.343Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "gradle", vendor: "gradle", versions: [ { status: "affected", version: ">= 6.2, < 6.9.4", }, { status: "affected", version: ">= 7.0.0, < 7.6.1", }, ], }, ], descriptions: [ { lang: "en", value: "Gradle is a build tool with a focus on build automation and support for multi-language development. This is a collision attack on long IDs (64bits) for PGP keys. Users of dependency verification in Gradle are vulnerable if they use long IDs for PGP keys in a `trusted-key` or `pgp` element in their dependency verification metadata file. The fix is to fail dependency verification if anything but a fingerprint is used in a trust element in dependency verification metadata. The problem is fixed in Gradle 8.0 and above. The problem is also patched in Gradle 6.9.4 and 7.6.1. As a workaround, use only full fingerprint IDs for `trusted-key` or `pgp` element in the metadata is a protection against this issue.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-829", description: "CWE-829: Inclusion of Functionality from Untrusted Control Sphere", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-04-13T16:06:21.602Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/gradle/gradle/security/advisories/GHSA-c724-3xg7-g3hf", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/gradle/gradle/security/advisories/GHSA-c724-3xg7-g3hf", }, { name: "https://github.com/gradle/gradle/commit/bf3cc0f2b463033037e67aaacda31291643ea1a9", tags: [ "x_refsource_MISC", ], url: "https://github.com/gradle/gradle/commit/bf3cc0f2b463033037e67aaacda31291643ea1a9", }, { url: "https://security.netapp.com/advisory/ntap-20230413-0002/", }, ], source: { advisory: "GHSA-c724-3xg7-g3hf", discovery: "UNKNOWN", }, title: "Gradle usage of long IDs for PGP keys opens potential for collision attacks", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-26053", datePublished: "2023-03-02T03:11:31.488Z", dateReserved: "2023-02-17T22:44:03.150Z", dateUpdated: "2025-03-05T21:15:36.343Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-11979
Vulnerability from cvelistv5
Published
2020-10-01 19:24
Modified
2024-08-04 11:48
Severity ?
EPSS score ?
Summary
As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Apache Ant |
Version: Apache Ant 1.10.8 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T11:48:57.549Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E", }, { name: "[creadur-dev] 20201006 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e%40%3Cdev.creadur.apache.org%3E", }, { name: "[creadur-dev] 20201006 [jira] [Assigned] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490%40%3Cdev.creadur.apache.org%3E", }, { name: "[creadur-dev] 20201006 [jira] [Updated] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc%40%3Cdev.creadur.apache.org%3E", }, { name: "[creadur-dev] 20201006 [jira] [Updated] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0%40%3Cdev.creadur.apache.org%3E", }, { name: "[creadur-dev] 20201006 [jira] [Resolved] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305%40%3Cdev.creadur.apache.org%3E", }, { name: "FEDORA-2020-2640aa4e19", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3NRQQ7ECII4ZNGW7GBC225LVYMPQEKB/", }, { name: "FEDORA-2020-92b1d001b3", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AALW42FWNQ35F7KB3JVRC6NBVV7AAYYI/", }, { name: "FEDORA-2020-3ce0f55bc5", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DYBRN5C2RW7JRY75IB7Q7ZVKZCHWAQWS/", }, { name: "GLSA-202011-18", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202011-18", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/gradle/gradle/security/advisories/GHSA-j45w-qrgf-25vm", }, { name: "[creadur-dev] 20210419 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c%40%3Cdev.creadur.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { name: "[creadur-dev] 20210621 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a%40%3Cdev.creadur.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Ant", vendor: "n/a", versions: [ { status: "affected", version: "Apache Ant 1.10.8", }, ], }, ], descriptions: [ { lang: "en", value: "As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.", }, ], problemTypes: [ { descriptions: [ { description: "insecure temporary file vulnerability", lang: "en", type: "text", }, ], }, { descriptions: [ { cweId: "CWE-379", description: "CWE-379 Creation of Temporary File in Directory with Incorrect Permissions", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-04-19T23:21:10", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E", }, { name: "[creadur-dev] 20201006 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e%40%3Cdev.creadur.apache.org%3E", }, { name: "[creadur-dev] 20201006 [jira] [Assigned] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490%40%3Cdev.creadur.apache.org%3E", }, { name: "[creadur-dev] 20201006 [jira] [Updated] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc%40%3Cdev.creadur.apache.org%3E", }, { name: "[creadur-dev] 20201006 [jira] [Updated] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0%40%3Cdev.creadur.apache.org%3E", }, { name: "[creadur-dev] 20201006 [jira] [Resolved] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305%40%3Cdev.creadur.apache.org%3E", }, { name: "FEDORA-2020-2640aa4e19", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3NRQQ7ECII4ZNGW7GBC225LVYMPQEKB/", }, { name: "FEDORA-2020-92b1d001b3", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AALW42FWNQ35F7KB3JVRC6NBVV7AAYYI/", }, { name: "FEDORA-2020-3ce0f55bc5", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DYBRN5C2RW7JRY75IB7Q7ZVKZCHWAQWS/", }, { name: "GLSA-202011-18", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202011-18", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/gradle/gradle/security/advisories/GHSA-j45w-qrgf-25vm", }, { name: "[creadur-dev] 20210419 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c%40%3Cdev.creadur.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { name: "[creadur-dev] 20210621 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a%40%3Cdev.creadur.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2020-11979", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Ant", version: { version_data: [ { version_value: "Apache Ant 1.10.8", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "insecure temporary file vulnerability", }, ], }, { description: [ { lang: "eng", value: "CWE-379 Creation of Temporary File in Directory with Incorrect Permissions", }, ], }, ], }, references: { reference_data: [ { name: "https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E", refsource: "MISC", url: "https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E", }, { name: "[creadur-dev] 20201006 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e@%3Cdev.creadur.apache.org%3E", }, { name: "[creadur-dev] 20201006 [jira] [Assigned] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490@%3Cdev.creadur.apache.org%3E", }, { name: "[creadur-dev] 20201006 [jira] [Updated] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc@%3Cdev.creadur.apache.org%3E", }, { name: "[creadur-dev] 20201006 [jira] [Updated] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0@%3Cdev.creadur.apache.org%3E", }, { name: "[creadur-dev] 20201006 [jira] [Resolved] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305@%3Cdev.creadur.apache.org%3E", }, { name: "FEDORA-2020-2640aa4e19", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3NRQQ7ECII4ZNGW7GBC225LVYMPQEKB/", }, { name: "FEDORA-2020-92b1d001b3", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AALW42FWNQ35F7KB3JVRC6NBVV7AAYYI/", }, { name: "FEDORA-2020-3ce0f55bc5", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DYBRN5C2RW7JRY75IB7Q7ZVKZCHWAQWS/", }, { name: "GLSA-202011-18", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202011-18", }, { name: "https://www.oracle.com/security-alerts/cpujan2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { name: "https://github.com/gradle/gradle/security/advisories/GHSA-j45w-qrgf-25vm", refsource: "MISC", url: "https://github.com/gradle/gradle/security/advisories/GHSA-j45w-qrgf-25vm", }, { name: "[creadur-dev] 20210419 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8", refsource: "MLIST", url: "https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c@%3Cdev.creadur.apache.org%3E", }, { name: "https://www.oracle.com/security-alerts/cpuApr2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { name: "[creadur-dev] 20210621 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a@%3Cdev.creadur.apache.org%3E", }, { name: "https://www.oracle.com//security-alerts/cpujul2021.html", refsource: "MISC", url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { name: "https://www.oracle.com/security-alerts/cpuoct2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { name: "https://www.oracle.com/security-alerts/cpujan2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { name: "https://www.oracle.com/security-alerts/cpuapr2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2020-11979", datePublished: "2020-10-01T19:24:57", dateReserved: "2020-04-21T00:00:00", dateUpdated: "2024-08-04T11:48:57.549Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-23630
Vulnerability from cvelistv5
Published
2022-02-10 20:10
Modified
2024-08-03 03:51
Severity ?
EPSS score ?
Summary
Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, Gradle may skip that verification and accept a dependency that would otherwise fail the build as an untrusted external artifact. This occurs when dependency verification is disabled on one or more configurations and those configurations have common dependencies with other configurations that have dependency verification enabled. If the configuration that has dependency verification disabled is resolved first, Gradle does not verify the common dependencies for the configuration that has dependency verification enabled. Gradle 7.4 fixes that issue by validating artifacts at least once if they are present in a resolved configuration that has dependency verification active. For users who cannot update either do not use `ResolutionStrategy.disableDependencyVerification()` and do not use plugins that use that method to disable dependency verification for a single configuration or make sure resolution of configuration that disable that feature do not happen in builds that resolve configuration where the feature is enabled.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/gradle/gradle/security/advisories/GHSA-9pf5-88jw-3qgr | x_refsource_CONFIRM | |
| https://github.com/gradle/gradle/commit/88ab9b652933bc3b2e3161b31ad8b8f4f0516351 | x_refsource_MISC | |
| https://docs.gradle.org/7.4/release-notes.html | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:51:45.670Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/gradle/gradle/security/advisories/GHSA-9pf5-88jw-3qgr", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/gradle/gradle/commit/88ab9b652933bc3b2e3161b31ad8b8f4f0516351", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://docs.gradle.org/7.4/release-notes.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "gradle", vendor: "gradle", versions: [ { status: "affected", version: ">= 6.2, < 7.4", }, ], }, ], descriptions: [ { lang: "en", value: "Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, Gradle may skip that verification and accept a dependency that would otherwise fail the build as an untrusted external artifact. This occurs when dependency verification is disabled on one or more configurations and those configurations have common dependencies with other configurations that have dependency verification enabled. If the configuration that has dependency verification disabled is resolved first, Gradle does not verify the common dependencies for the configuration that has dependency verification enabled. Gradle 7.4 fixes that issue by validating artifacts at least once if they are present in a resolved configuration that has dependency verification active. For users who cannot update either do not use `ResolutionStrategy.disableDependencyVerification()` and do not use plugins that use that method to disable dependency verification for a single configuration or make sure resolution of configuration that disable that feature do not happen in builds that resolve configuration where the feature is enabled.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-829", description: "CWE-829: Inclusion of Functionality from Untrusted Control Sphere", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-02-10T20:10:09", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/gradle/gradle/security/advisories/GHSA-9pf5-88jw-3qgr", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/gradle/gradle/commit/88ab9b652933bc3b2e3161b31ad8b8f4f0516351", }, { tags: [ "x_refsource_MISC", ], url: "https://docs.gradle.org/7.4/release-notes.html", }, ], source: { advisory: "GHSA-9pf5-88jw-3qgr", discovery: "UNKNOWN", }, title: "Dependency verification bypass in Gradle", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2022-23630", STATE: "PUBLIC", TITLE: "Dependency verification bypass in Gradle", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "gradle", version: { version_data: [ { version_value: ">= 6.2, < 7.4", }, ], }, }, ], }, vendor_name: "gradle", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, Gradle may skip that verification and accept a dependency that would otherwise fail the build as an untrusted external artifact. This occurs when dependency verification is disabled on one or more configurations and those configurations have common dependencies with other configurations that have dependency verification enabled. If the configuration that has dependency verification disabled is resolved first, Gradle does not verify the common dependencies for the configuration that has dependency verification enabled. Gradle 7.4 fixes that issue by validating artifacts at least once if they are present in a resolved configuration that has dependency verification active. For users who cannot update either do not use `ResolutionStrategy.disableDependencyVerification()` and do not use plugins that use that method to disable dependency verification for a single configuration or make sure resolution of configuration that disable that feature do not happen in builds that resolve configuration where the feature is enabled.", }, ], }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-829: Inclusion of Functionality from Untrusted Control Sphere", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/gradle/gradle/security/advisories/GHSA-9pf5-88jw-3qgr", refsource: "CONFIRM", url: "https://github.com/gradle/gradle/security/advisories/GHSA-9pf5-88jw-3qgr", }, { name: "https://github.com/gradle/gradle/commit/88ab9b652933bc3b2e3161b31ad8b8f4f0516351", refsource: "MISC", url: "https://github.com/gradle/gradle/commit/88ab9b652933bc3b2e3161b31ad8b8f4f0516351", }, { name: "https://docs.gradle.org/7.4/release-notes.html", refsource: "MISC", url: "https://docs.gradle.org/7.4/release-notes.html", }, ], }, source: { advisory: "GHSA-9pf5-88jw-3qgr", discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2022-23630", datePublished: "2022-02-10T20:10:09", dateReserved: "2022-01-19T00:00:00", dateUpdated: "2024-08-03T03:51:45.670Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-42445
Vulnerability from cvelistv5
Published
2023-10-06 13:52
Modified
2025-02-13 17:09
Severity ?
EPSS score ?
Summary
Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), just parsing XML can lead to exfiltration of local text files to a remote server. Gradle parses XML files for several purposes. Most of the time, Gradle parses XML files it generated or were already present locally. Only Ivy XML descriptors and Maven POM files can be fetched from remote repositories and parsed by Gradle. In Gradle 7.6.3 and 8.4, resolving XML external entities has been disabled for all use cases to protect against this vulnerability. Gradle will now refuse to parse XML files that have XML external entities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/gradle/gradle/security/advisories/GHSA-mrff-q8qj-xvg8 | x_refsource_CONFIRM | |
| https://github.com/gradle/gradle/releases/tag/v7.6.3 | x_refsource_MISC | |
| https://github.com/gradle/gradle/releases/tag/v8.4.0 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20231110-0006/ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T19:23:38.775Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/gradle/gradle/security/advisories/GHSA-mrff-q8qj-xvg8", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/gradle/gradle/security/advisories/GHSA-mrff-q8qj-xvg8", }, { name: "https://github.com/gradle/gradle/releases/tag/v7.6.3", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/gradle/gradle/releases/tag/v7.6.3", }, { name: "https://github.com/gradle/gradle/releases/tag/v8.4.0", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/gradle/gradle/releases/tag/v8.4.0", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20231110-0006/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "gradle", vendor: "gradle", versions: [ { status: "affected", version: "< 8.4", }, { status: "affected", version: "< 7.6.3", }, ], }, ], descriptions: [ { lang: "en", value: "Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), just parsing XML can lead to exfiltration of local text files to a remote server. Gradle parses XML files for several purposes. Most of the time, Gradle parses XML files it generated or were already present locally. Only Ivy XML descriptors and Maven POM files can be fetched from remote repositories and parsed by Gradle. In Gradle 7.6.3 and 8.4, resolving XML external entities has been disabled for all use cases to protect against this vulnerability. Gradle will now refuse to parse XML files that have XML external entities.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-611", description: "CWE-611: Improper Restriction of XML External Entity Reference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-10T18:06:29.614Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/gradle/gradle/security/advisories/GHSA-mrff-q8qj-xvg8", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/gradle/gradle/security/advisories/GHSA-mrff-q8qj-xvg8", }, { name: "https://github.com/gradle/gradle/releases/tag/v7.6.3", tags: [ "x_refsource_MISC", ], url: "https://github.com/gradle/gradle/releases/tag/v7.6.3", }, { name: "https://github.com/gradle/gradle/releases/tag/v8.4.0", tags: [ "x_refsource_MISC", ], url: "https://github.com/gradle/gradle/releases/tag/v8.4.0", }, { url: "https://security.netapp.com/advisory/ntap-20231110-0006/", }, ], source: { advisory: "GHSA-mrff-q8qj-xvg8", discovery: "UNKNOWN", }, title: "Possible local file exfiltration by XML External entity injection", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-42445", datePublished: "2023-10-06T13:52:02.982Z", dateReserved: "2023-09-08T20:57:45.572Z", dateUpdated: "2025-02-13T17:09:20.513Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-27148
Vulnerability from cvelistv5
Published
2025-02-25 20:13
Modified
2025-02-25 21:20
Severity ?
EPSS score ?
Summary
Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. On Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. This library initialization could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreating files in the system temporary directory. Gradle builds that rely on versions of net.rubygrapefruit:native-platform prior to 0.22-milestone-28 could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreating files in the system temporary directory.
In net.rubygrapefruit:native-platform prior to version 0.22-milestone-28, if the `Native.get(Class<>)` method was called, without calling `Native.init(File)` first, with a non-`null` argument used as working file path, then the library would initialize itself using the system temporary directory and NativeLibraryLocator.java lines 68 through 78. Version 0.22-milestone-28 has been released with changes that fix the problem. Initialization is now mandatory and no longer uses the system temporary directory, unless such a path is passed for initialization. The only workaround for affected versions is to make sure to do a proper initialization, using a location that is safe.
Gradle 8.12, only that exact version, had codepaths where the initialization of the underlying native integration library took a default path, relying on copying the binaries to the system temporary directory. Any execution of Gradle exposed this exploit. Users of Windows or modern versions of macOS are not vulnerable, nor are users of a Unix-like operating system with the "sticky" bit set or `noexec` on their system temporary directory vulnerable. This problem was fixed in Gradle 8.12.1. Gradle 8.13 release also upgrades to a version of the native library that no longer has that bug. Some workarounds are available. On Unix-like operating systems, ensure that the "sticky" bit is set. This only allows the original user (or root) to delete a file. Mounting `/tmp` as `noexec` will prevent Gradle 8.12 from starting. Those who are are unable to change the permissions of the system temporary directory can move the Java temporary directory by setting the System Property java.io.tmpdir. The new path needs to limit permissions to the build user only.
References
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-27148", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-25T21:14:39.385419Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-25T21:20:46.507Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "gradle", vendor: "gradle", versions: [ { status: "affected", version: "= 8.12", }, ], }, ], descriptions: [ { lang: "en", value: "Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. On Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. This library initialization could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreating files in the system temporary directory. Gradle builds that rely on versions of net.rubygrapefruit:native-platform prior to 0.22-milestone-28 could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreating files in the system temporary directory.\n\nIn net.rubygrapefruit:native-platform prior to version 0.22-milestone-28, if the `Native.get(Class<>)` method was called, without calling `Native.init(File)` first, with a non-`null` argument used as working file path, then the library would initialize itself using the system temporary directory and NativeLibraryLocator.java lines 68 through 78. Version 0.22-milestone-28 has been released with changes that fix the problem. Initialization is now mandatory and no longer uses the system temporary directory, unless such a path is passed for initialization. The only workaround for affected versions is to make sure to do a proper initialization, using a location that is safe.\n\nGradle 8.12, only that exact version, had codepaths where the initialization of the underlying native integration library took a default path, relying on copying the binaries to the system temporary directory. Any execution of Gradle exposed this exploit. Users of Windows or modern versions of macOS are not vulnerable, nor are users of a Unix-like operating system with the \"sticky\" bit set or `noexec` on their system temporary directory vulnerable. This problem was fixed in Gradle 8.12.1. Gradle 8.13 release also upgrades to a version of the native library that no longer has that bug. Some workarounds are available. On Unix-like operating systems, ensure that the \"sticky\" bit is set. This only allows the original user (or root) to delete a file. Mounting `/tmp` as `noexec` will prevent Gradle 8.12 from starting. Those who are are unable to change the permissions of the system temporary directory can move the Java temporary directory by setting the System Property java.io.tmpdir. The new path needs to limit permissions to the build user only.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-378", description: "CWE-378: Creation of Temporary File With Insecure Permissions", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-379", description: "CWE-379: Creation of Temporary File in Directory with Insecure Permissions", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-25T20:13:51.578Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/gradle/gradle/security/advisories/GHSA-465q-w4mf-4f4r", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/gradle/gradle/security/advisories/GHSA-465q-w4mf-4f4r", }, { name: "https://github.com/gradle/gradle/security/advisories/GHSA-89qm-pxvm-p336", tags: [ "x_refsource_MISC", ], url: "https://github.com/gradle/gradle/security/advisories/GHSA-89qm-pxvm-p336", }, { name: "https://github.com/gradle/native-platform/security/advisories/GHSA-2xxp-vw2f-p3x8", tags: [ "x_refsource_MISC", ], url: "https://github.com/gradle/native-platform/security/advisories/GHSA-2xxp-vw2f-p3x8", }, { name: "https://github.com/gradle/gradle/pull/32025", tags: [ "x_refsource_MISC", ], url: "https://github.com/gradle/gradle/pull/32025", }, { name: "https://github.com/gradle/native-platform/pull/353", tags: [ "x_refsource_MISC", ], url: "https://github.com/gradle/native-platform/pull/353", }, { name: "https://en.wikipedia.org/wiki/Fstab#Options_common_to_all_filesystems", tags: [ "x_refsource_MISC", ], url: "https://en.wikipedia.org/wiki/Fstab#Options_common_to_all_filesystems", }, { name: "https://en.wikipedia.org/wiki/Sticky_bit", tags: [ "x_refsource_MISC", ], url: "https://en.wikipedia.org/wiki/Sticky_bit", }, { name: "https://github.com/gradle/native-platform/blob/574dfe8d9fb546c990436468d617ab81c140871d/native-platform/src/main/java/net/rubygrapefruit/platform/internal/NativeLibraryLocator.java#L68-L78", tags: [ "x_refsource_MISC", ], url: "https://github.com/gradle/native-platform/blob/574dfe8d9fb546c990436468d617ab81c140871d/native-platform/src/main/java/net/rubygrapefruit/platform/internal/NativeLibraryLocator.java#L68-L78", }, ], source: { advisory: "GHSA-465q-w4mf-4f4r", discovery: "UNKNOWN", }, title: "Gradle vulnerable to local privilege escalation through system temporary directory", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2025-27148", datePublished: "2025-02-25T20:13:51.578Z", dateReserved: "2025-02-19T16:30:47.778Z", dateUpdated: "2025-02-25T21:20:46.507Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-11065
Vulnerability from cvelistv5
Published
2019-04-09 23:37
Modified
2024-08-04 22:40
Severity ?
EPSS score ?
Summary
Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.googleapis.com web site.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/gradle/gradle/pull/8927 | x_refsource_MISC | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43P7SVDJOG6OUDVFR4ZIDITZLNHPGTO/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WVXOXNLAYRGPKAZV63PYNV3HF27JW2MW/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YQ5CGOV5QVQCSPGE3WRZDKUGIXLHSZDR/ | vendor-advisory, x_refsource_FEDORA |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T22:40:16.302Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/gradle/gradle/pull/8927", }, { name: "FEDORA-2019-902786bc1e", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43P7SVDJOG6OUDVFR4ZIDITZLNHPGTO/", }, { name: "FEDORA-2019-a9c15101fb", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WVXOXNLAYRGPKAZV63PYNV3HF27JW2MW/", }, { name: "FEDORA-2019-1b6383acdd", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YQ5CGOV5QVQCSPGE3WRZDKUGIXLHSZDR/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.googleapis.com web site.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-08-19T02:06:06", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/gradle/gradle/pull/8927", }, { name: "FEDORA-2019-902786bc1e", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43P7SVDJOG6OUDVFR4ZIDITZLNHPGTO/", }, { name: "FEDORA-2019-a9c15101fb", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WVXOXNLAYRGPKAZV63PYNV3HF27JW2MW/", }, { name: "FEDORA-2019-1b6383acdd", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YQ5CGOV5QVQCSPGE3WRZDKUGIXLHSZDR/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-11065", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.googleapis.com web site.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/gradle/gradle/pull/8927", refsource: "MISC", url: "https://github.com/gradle/gradle/pull/8927", }, { name: "FEDORA-2019-902786bc1e", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43P7SVDJOG6OUDVFR4ZIDITZLNHPGTO/", }, { name: "FEDORA-2019-a9c15101fb", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WVXOXNLAYRGPKAZV63PYNV3HF27JW2MW/", }, { name: "FEDORA-2019-1b6383acdd", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YQ5CGOV5QVQCSPGE3WRZDKUGIXLHSZDR/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-11065", datePublished: "2019-04-09T23:37:04", dateReserved: "2019-04-09T00:00:00", dateUpdated: "2024-08-04T22:40:16.302Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
var-202010-1567
Vulnerability from variot
As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process. Apache Ant Contains an unspecified vulnerability.Information may be tampered with. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Apache Ant is a set of automation tools for Java software development developed by the Apache Software Foundation. This tool is mainly used for software compilation, testing and deployment. The vulnerability stems from the fact that the network system or product lacks correct verification of user input data during the operation process of user input to construct commands, data structures, or records, and does not filter or correctly filter out special elements in it, resulting in parsing or failure of the system or product. Wrong way of interpreting. Linux Security Advisory GLSA 202011-18
https://security.gentoo.org/
Severity: Normal Title: Apache Ant: Insecure temporary file Date: November 16, 2020 Bugs: #745768 ID: 202011-18
Synopsis
Apache Ant uses various insecure temporary files possibly allowing local code execution.
Background
Ant is a Java-based build tool similar to ‘make’ that uses XML configuration files.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-java/ant < 1.10.9 >= 1.10.9
Description
A previous fix for a security vulnerability involving insecure temporary files has been found to be incomplete.
Impact
A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the application.
Workaround
There is no known workaround at this time.
Resolution
All Apache Ant users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/ant-1.10.9"
References
[ 1 ] CVE-2020-11979 https://nvd.nist.gov/vuln/detail/CVE-2020-11979 [ 2 ] GLSA-202007-34 https://security.gentoo.org/glsa/202007-34
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202011-18
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
. Bugs fixed (https://bugzilla.redhat.com/):
1837444 - CVE-2020-1945 ant: insecure temporary file vulnerability 1903702 - CVE-2020-11979 ant: insecure temporary file 1921322 - CVE-2021-21615 jenkins: Filesystem traversal by privileged users 1925140 - CVE-2021-21608 jenkins: Stored XSS vulnerability in button labels 1925141 - CVE-2021-21609 jenkins: Missing permission check for paths with specific prefix 1925143 - CVE-2021-21605 jenkins: Path traversal vulnerability in agent names 1925145 - CVE-2021-21611 jenkins: Stored XSS vulnerability on new item page 1925151 - CVE-2021-21610 jenkins: Reflected XSS vulnerability in markup formatter preview 1925156 - CVE-2021-21607 jenkins: Excessive memory allocation in graph URLs leads to denial of service 1925157 - CVE-2021-21604 jenkins: Improper handling of REST API XML deserialization errors 1925159 - CVE-2021-21606 jenkins: Arbitrary file existence check in file fingerprints 1925160 - CVE-2021-21603 jenkins: XSS vulnerability in notification bar 1925161 - CVE-2021-21602 jenkins: Arbitrary file read vulnerability in workspace browsers 1925674 - Placeholder bug for OCP 4.6.0 rpm release
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: OpenShift Container Platform 3.11.394 bug fix and security update Advisory ID: RHSA-2021:0637-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2021:0637 Issue date: 2021-03-03 CVE Names: CVE-2020-1945 CVE-2020-2304 CVE-2020-2305 CVE-2020-2306 CVE-2020-2307 CVE-2020-2308 CVE-2020-2309 CVE-2020-11979 CVE-2020-25658 ==================================================================== 1. Summary:
Red Hat OpenShift Container Platform release 3.11.394 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat OpenShift Container Platform 3.11 - noarch, ppc64le, x86_64
- Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
Security Fix(es):
-
jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks (CVE-2020-2304)
-
jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks (CVE-2020-2305)
-
ant: Insecure temporary file vulnerability (CVE-2020-1945)
-
jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information disclosure (CVE-2020-2306)
-
jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes plug-in (CVE-2020-2307)
-
jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates (CVE-2020-2308)
-
jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes plug-in allows enumerating credentials IDs (CVE-2020-2309)
-
ant: Insecure temporary file (CVE-2020-11979)
-
python-rsa: Bleichenbacher timing oracle attack against RSA decryption (CVE-2020-25658)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.11.394. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2021:0638
Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_r elease_notes.html
This update fixes the following bugs among others:
-
Previously, the restart-cluster playbook did not evaluate the defined cluster size for ops clusters. This was causing come clusters to never complete their restart. This bug fix passes the logging ops cluster size, allowing restarts of ops clusters to complete successfully. (BZ#1879407)
-
Previously, the
openshift_named_certificatesrole checked the contents of theca-bundle.crtfile during cluster installation. This caused the check to fail during initial installation because theca-bundle.crtfile is not yet created in that scenario. This bug fix allows the cluster to skip checking theca-bundle.crtfile if it does not exist, resulting in initial installations succeeding. (BZ#1920567) -
Previously, if the
openshift_releaseattribute was not set in the Ansible inventory file, the nodes of the cluster would fail during an upgrade. This was caused by thecluster_facts.ymlfile being gathered before theopenshift_releaseattribute was defined by the upgrade playbook. Now thecluster_facts.ymlfile is gathered after theopenshift_versionrole runs and theopenshift_releaseattribute is set, allowing for successful node upgrades. (BZ#1921353)
All OpenShift Container Platform 3.11 users are advised to upgrade to these updated packages and images.
- Solution:
Before applying this update, ensure all previously released errata relevant to your system is applied.
See the following documentation, which will be updated shortly for release 3.11.394, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_r elease_notes.html
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258.
- Bugs fixed (https://bugzilla.redhat.com/):
1837444 - CVE-2020-1945 ant: insecure temporary file vulnerability 1849003 - fact dicts returned are of type string rather than dict 1873346 - In-place upgrade of OCP 3.11 does not upgrade Kuryr components 1879407 - The restart-cluster playbook doesn't take into account that openshift_logging_es_ops_cluster_size could be different from openshift_logging_es_cluster_size 1889972 - CVE-2020-25658 python-rsa: bleichenbacher timing oracle attack against RSA decryption 1895939 - CVE-2020-2304 jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks 1895940 - CVE-2020-2305 jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks 1895941 - CVE-2020-2306 jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information disclosure 1895945 - CVE-2020-2307 jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes Plugin 1895946 - CVE-2020-2308 jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates 1895947 - CVE-2020-2309 jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows enumerating credentials IDs 1903699 - Prometheus consumes all available memory 1903702 - CVE-2020-11979 ant: insecure temporary file 1918392 - Unable to access kibana URLafter enabling HTTP2 on Haproxy router 1920567 - [release-3.11] - ca-bundle.crt(/etc/origin/master/ca-bundle.crt) is missing on the fresh installation process 1921353 - OCP 3.11.374 Upgrade fails with Either OpenShift needs to be installed or openshift_release needs to be specified 1924614 - Provide jenkins agent image for maven36 1924811 - Provide jenkins agent image for maven36 1929170 - kuryr-cni pods in crashloop after updating OCP due to RuntimeError caused by attempting to delete eth0 host interface 1929216 - KeyError: 'addresses' in kuryr-controller when Endpoints' slice only lists notReadyAddresses
- Package List:
Red Hat OpenShift Container Platform 3.11:
Source: atomic-enterprise-service-catalog-3.11.394-1.git.1675.fdb6e0b.el7.src.rpm atomic-openshift-3.11.394-1.git.0.e03a88e.el7.src.rpm atomic-openshift-cluster-autoscaler-3.11.394-1.git.0.1900c76.el7.src.rpm atomic-openshift-descheduler-3.11.394-1.git.299.ad3a3c0.el7.src.rpm atomic-openshift-dockerregistry-3.11.394-1.git.481.6e48246.el7.src.rpm atomic-openshift-metrics-server-3.11.394-1.git.53.3d82586.el7.src.rpm atomic-openshift-node-problem-detector-3.11.394-1.git.263.49acf3a.el7.src.rpm atomic-openshift-service-idler-3.11.394-1.git.15.73f73cd.el7.src.rpm atomic-openshift-web-console-3.11.394-1.git.667.08dd2a6.el7.src.rpm golang-github-openshift-oauth-proxy-3.11.394-1.git.439.4c37707.el7.src.rpm golang-github-prometheus-alertmanager-3.11.394-1.git.0.1fbb64c.el7.src.rpm golang-github-prometheus-node_exporter-3.11.394-1.git.1062.8adc4b8.el7.src.rpm golang-github-prometheus-prometheus-3.11.394-1.git.5026.2c9627f.el7.src.rpm haproxy-1.8.28-1.el7.src.rpm jenkins-2-plugins-3.11.1612862361-1.el7.src.rpm jenkins-2.263.3.1612433584-1.el7.src.rpm openshift-ansible-3.11.394-6.git.0.47ec25d.el7.src.rpm openshift-enterprise-autoheal-3.11.394-1.git.218.59eb597.el7.src.rpm openshift-enterprise-cluster-capacity-3.11.394-1.git.379.92adfdc.el7.src.rpm openshift-kuryr-3.11.394-1.git.1490.16ed375.el7.src.rpm python-rsa-4.5-3.el7.src.rpm
noarch: atomic-openshift-docker-excluder-3.11.394-1.git.0.e03a88e.el7.noarch.rpm atomic-openshift-excluder-3.11.394-1.git.0.e03a88e.el7.noarch.rpm jenkins-2-plugins-3.11.1612862361-1.el7.noarch.rpm jenkins-2.263.3.1612433584-1.el7.noarch.rpm openshift-ansible-3.11.394-6.git.0.47ec25d.el7.noarch.rpm openshift-ansible-docs-3.11.394-6.git.0.47ec25d.el7.noarch.rpm openshift-ansible-playbooks-3.11.394-6.git.0.47ec25d.el7.noarch.rpm openshift-ansible-roles-3.11.394-6.git.0.47ec25d.el7.noarch.rpm openshift-ansible-test-3.11.394-6.git.0.47ec25d.el7.noarch.rpm openshift-kuryr-cni-3.11.394-1.git.1490.16ed375.el7.noarch.rpm openshift-kuryr-common-3.11.394-1.git.1490.16ed375.el7.noarch.rpm openshift-kuryr-controller-3.11.394-1.git.1490.16ed375.el7.noarch.rpm python2-kuryr-kubernetes-3.11.394-1.git.1490.16ed375.el7.noarch.rpm python2-rsa-4.5-3.el7.noarch.rpm
ppc64le: atomic-enterprise-service-catalog-3.11.394-1.git.1675.fdb6e0b.el7.ppc64le.rpm atomic-enterprise-service-catalog-svcat-3.11.394-1.git.1675.fdb6e0b.el7.ppc64le.rpm atomic-openshift-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm atomic-openshift-clients-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm atomic-openshift-cluster-autoscaler-3.11.394-1.git.0.1900c76.el7.ppc64le.rpm atomic-openshift-descheduler-3.11.394-1.git.299.ad3a3c0.el7.ppc64le.rpm atomic-openshift-hyperkube-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm atomic-openshift-hypershift-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm atomic-openshift-master-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm atomic-openshift-metrics-server-3.11.394-1.git.53.3d82586.el7.ppc64le.rpm atomic-openshift-node-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm atomic-openshift-node-problem-detector-3.11.394-1.git.263.49acf3a.el7.ppc64le.rpm atomic-openshift-pod-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm atomic-openshift-sdn-ovs-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm atomic-openshift-service-idler-3.11.394-1.git.15.73f73cd.el7.ppc64le.rpm atomic-openshift-template-service-broker-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm atomic-openshift-tests-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm atomic-openshift-web-console-3.11.394-1.git.667.08dd2a6.el7.ppc64le.rpm golang-github-openshift-oauth-proxy-3.11.394-1.git.439.4c37707.el7.ppc64le.rpm haproxy-debuginfo-1.8.28-1.el7.ppc64le.rpm haproxy18-1.8.28-1.el7.ppc64le.rpm openshift-enterprise-autoheal-3.11.394-1.git.218.59eb597.el7.ppc64le.rpm openshift-enterprise-cluster-capacity-3.11.394-1.git.379.92adfdc.el7.ppc64le.rpm prometheus-3.11.394-1.git.5026.2c9627f.el7.ppc64le.rpm prometheus-alertmanager-3.11.394-1.git.0.1fbb64c.el7.ppc64le.rpm prometheus-node-exporter-3.11.394-1.git.1062.8adc4b8.el7.ppc64le.rpm
x86_64: atomic-enterprise-service-catalog-3.11.394-1.git.1675.fdb6e0b.el7.x86_64.rpm atomic-enterprise-service-catalog-svcat-3.11.394-1.git.1675.fdb6e0b.el7.x86_64.rpm atomic-openshift-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-clients-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-clients-redistributable-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-cluster-autoscaler-3.11.394-1.git.0.1900c76.el7.x86_64.rpm atomic-openshift-descheduler-3.11.394-1.git.299.ad3a3c0.el7.x86_64.rpm atomic-openshift-dockerregistry-3.11.394-1.git.481.6e48246.el7.x86_64.rpm atomic-openshift-hyperkube-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-hypershift-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-master-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-metrics-server-3.11.394-1.git.53.3d82586.el7.x86_64.rpm atomic-openshift-node-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-node-problem-detector-3.11.394-1.git.263.49acf3a.el7.x86_64.rpm atomic-openshift-pod-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-sdn-ovs-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-service-idler-3.11.394-1.git.15.73f73cd.el7.x86_64.rpm atomic-openshift-template-service-broker-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-tests-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-web-console-3.11.394-1.git.667.08dd2a6.el7.x86_64.rpm golang-github-openshift-oauth-proxy-3.11.394-1.git.439.4c37707.el7.x86_64.rpm haproxy-debuginfo-1.8.28-1.el7.x86_64.rpm haproxy18-1.8.28-1.el7.x86_64.rpm openshift-enterprise-autoheal-3.11.394-1.git.218.59eb597.el7.x86_64.rpm openshift-enterprise-cluster-capacity-3.11.394-1.git.379.92adfdc.el7.x86_64.rpm prometheus-3.11.394-1.git.5026.2c9627f.el7.x86_64.rpm prometheus-alertmanager-3.11.394-1.git.0.1fbb64c.el7.x86_64.rpm prometheus-node-exporter-3.11.394-1.git.1062.8adc4b8.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-1945 https://access.redhat.com/security/cve/CVE-2020-2304 https://access.redhat.com/security/cve/CVE-2020-2305 https://access.redhat.com/security/cve/CVE-2020-2306 https://access.redhat.com/security/cve/CVE-2020-2307 https://access.redhat.com/security/cve/CVE-2020-2308 https://access.redhat.com/security/cve/CVE-2020-2309 https://access.redhat.com/security/cve/CVE-2020-11979 https://access.redhat.com/security/cve/CVE-2020-25658 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYD+BmNzjgjWX9erEAQjE+Q//ZZiX1bD9qOdi3w9TpwdZLagxnE5NTy5Z Ru/GN0qaTIBHo8QHZqgt6jBT5ADfW0KgEdA3N+fi43f4ud5fO+2eQcdE4oeSAE93 T5PAL+UBlb4ykAqQQnLVMO8G5Hc2IOw68wZjC+YFcEB36FnZifCk/z14OdUR3WyT g5ohmXKJw3ojfOsPK0ZIePS4V7RwTosagKHdyVa+tpxxVlkcZf2q08e5U7YkkhKv d/4UzYfGYtpm8ozYde1Cvs6cCU2ar7VQjsGW597BgSMXYESDqnPTKUJ5y8btFTwL j5z0ZSc96MBOkyebqxqhNdeFwg4liCl0RhBSUBhsG6e40Du8+3+LPUS579R1cp8N qCW0ODujVh804XNOXSqGAbmPXb6BL8uIY6j4kdzfZH4xgBGG1oOhiUcjPrJQkohD 7fRf/aLCtRno9d98oylMuxPWEf4XfeltF4zin8hWdvBlfSxfy6aGjdmXcHWIP3Es 4jL7h5IBtTn/8IXO5kXUlBeHOTNfjA48W/MmxyN6TNoTFrrsgR1pk7RUCxjAgOi/ Nk/IYlBheWb1Bvm/QCMpA5qDUSNZnmADw6BBRoViE+/DKBM9/DEUX6KOq6H3Ak0v wA7QOAVVk2COxBJCsmy7EJUJYMuyfrNkovukWKHUQQuDFcjy5nWYbGmmejX/STB2 +rElYOcZkO0=9NLN -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202010-1567", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "utilities framework", scope: "eq", trust: 1, vendor: "oracle", version: "4.3.0.6.0", }, { model: "banking platform", scope: "eq", trust: 1, vendor: "oracle", version: "2.7.0", }, { model: "flexcube private banking", scope: "eq", trust: 1, vendor: "oracle", version: "12.0.0", }, { model: "primavera unifier", scope: "gte", trust: 1, vendor: "oracle", version: "17.7", }, { model: "banking treasury management", scope: "eq", trust: 1, vendor: "oracle", version: "14.4", }, { model: "primavera unifier", scope: "eq", trust: 1, vendor: "oracle", version: "16.1", }, { model: "retail category management planning \\& optimization", scope: "eq", trust: 1, vendor: "oracle", version: "16.0.3", }, { model: "retail store inventory management", scope: "eq", trust: 1, vendor: "oracle", version: "15.0.3.0", }, { model: "retail store inventory management", scope: "eq", trust: 1, vendor: "oracle", version: "16.0.3.0", }, { model: "primavera gateway", scope: "gte", trust: 1, vendor: "oracle", version: "17.12.0", }, { model: "primavera unifier", scope: "eq", trust: 1, vendor: "oracle", version: "16.2", }, { model: "financial services analytical applications infrastructure", scope: "lte", trust: 1, vendor: "oracle", version: "8.0.9", }, { model: "retail advanced inventory planning", scope: "eq", trust: 1, vendor: "oracle", version: "14.1", }, { model: "fedora", scope: "eq", trust: 1, vendor: "fedoraproject", version: "32", }, { model: "banking platform", scope: "eq", trust: 1, vendor: "oracle", version: "2.4.0", }, { model: "gradle", scope: "lt", trust: 1, vendor: "gradle", version: "6.8.0", }, { model: "primavera unifier", scope: "lte", trust: 1, vendor: "oracle", version: "17.12", }, { model: "retail store inventory management", scope: "eq", trust: 1, vendor: "oracle", version: "14.1.3.9", }, { model: "banking platform", scope: "eq", trust: 1, vendor: "oracle", version: "2.7.1", }, { model: "financial services analytical applications infrastructure", scope: "eq", trust: 1, vendor: "oracle", version: "8.1.0", }, { model: "retail service backbone", scope: "eq", trust: 1, vendor: "oracle", version: "14.1.3", }, { model: "retail regular price optimization", scope: "eq", trust: 1, vendor: "oracle", version: "16.0.3", }, { model: "endeca information discovery studio", scope: "eq", trust: 1, vendor: "oracle", version: "3.2.0.0", }, { model: "utilities framework", scope: "eq", trust: 1, vendor: "oracle", version: "4.4.0.2.0", }, { model: "retail xstore point of service", scope: "eq", trust: 1, vendor: "oracle", version: "16.0.6", }, { model: "primavera unifier", scope: "eq", trust: 1, vendor: "oracle", version: "20.12", }, { model: "real-time decision server", scope: "eq", trust: 1, vendor: "oracle", version: "3.2.0.0", }, { model: "retail financial integration", scope: "eq", trust: 1, vendor: "oracle", version: "14.1.3", }, { model: "retail assortment planning", scope: "eq", trust: 1, vendor: "oracle", version: "16.0.3", }, { model: "data integrator", scope: "eq", trust: 1, vendor: "oracle", version: "12.2.1.4.0", }, { model: "retail xstore point of service", scope: "eq", trust: 1, vendor: "oracle", version: "19.0.2", }, { model: "retail integration bus", scope: "eq", trust: 1, vendor: "oracle", version: "15.0.3", }, { model: "financial services analytical applications infrastructure", scope: "eq", trust: 1, vendor: "oracle", version: "8.1.1", }, { model: "retail predictive application server", scope: "eq", trust: 1, vendor: "oracle", version: "14.1", }, { model: "timesten in-memory database", scope: "lt", trust: 1, vendor: "oracle", version: "11.2.2.8.27", }, { model: "real-time decision server", scope: "eq", trust: 1, vendor: "oracle", version: "11.1.1.9.0", }, { model: "primavera unifier", scope: "eq", trust: 1, vendor: "oracle", version: "19.12", }, { model: "primavera gateway", scope: "gte", trust: 1, vendor: "oracle", version: "16.2.0", }, { model: "ant", scope: "eq", trust: 1, vendor: "apache", version: "1.10.8", }, { model: "retail merchandising system", scope: "eq", trust: 1, vendor: "oracle", version: "16.0.3", }, { model: "retail size profile optimization", scope: "eq", trust: 1, vendor: "oracle", version: "16.0.3", }, { model: "communications unified inventory management", scope: "eq", trust: 1, vendor: "oracle", version: "7.4.1", }, { model: "enterprise repository", scope: "eq", trust: 1, vendor: "oracle", version: "11.1.1.7.0", }, { model: "retail item planning", scope: "eq", trust: 1, vendor: "oracle", version: "16.0.3", }, { model: "utilities framework", scope: "eq", trust: 1, vendor: "oracle", version: "4.3.0.5.0", }, { model: "banking platform", scope: "eq", trust: 1, vendor: "oracle", version: "2.4.1", }, { model: "retail eftlink", scope: "eq", trust: 1, vendor: "oracle", version: "19.0.1", }, { model: "retail xstore point of service", scope: "eq", trust: 1, vendor: "oracle", version: "17.0.4", }, { model: "retail service backbone", scope: "eq", trust: 1, vendor: "oracle", version: "15.0.3", }, { model: "agile engineering data management", scope: "eq", trust: 1, vendor: "oracle", version: "6.2.1.0", }, { model: "banking platform", scope: "eq", trust: 1, vendor: "oracle", version: "2.6.2", }, { model: "retail merchandise financial planning", scope: "eq", trust: 1, vendor: "oracle", version: "16.0.3", }, { model: "data integrator", scope: "eq", trust: 1, vendor: "oracle", version: "12.2.1.3.0", }, { model: "storagetek acsls", scope: "eq", trust: 1, vendor: "oracle", version: "8.5.1", }, { model: "retail financial integration", scope: "eq", trust: 1, vendor: "oracle", version: "15.0.3", }, { model: "retail macro space optimization", scope: "eq", trust: 1, vendor: "oracle", version: "16.0.3", }, { model: "storagetek tape analytics", scope: "eq", trust: 1, vendor: "oracle", version: "2.4", }, { model: "retail eftlink", scope: "eq", trust: 1, vendor: "oracle", version: "20.0.0", }, { model: "fedora", scope: "eq", trust: 1, vendor: "fedoraproject", version: "31", }, { model: "retail merchandising system", scope: "eq", trust: 1, vendor: "oracle", version: "14.1.3.2", }, { model: "utilities framework", scope: "eq", trust: 1, vendor: "oracle", version: "4.4.0.0.0", }, { model: "primavera unifier", scope: "eq", trust: 1, vendor: "oracle", version: "18.8", }, { model: "retail service backbone", scope: "eq", trust: 1, vendor: "oracle", version: "16.0.3", }, { model: "api gateway", scope: "eq", trust: 1, vendor: "oracle", version: "11.1.2.4.0", }, { model: "financial services analytical applications infrastructure", scope: "gte", trust: 1, vendor: "oracle", version: "8.0.6", }, { model: "banking platform", scope: "eq", trust: 1, vendor: "oracle", version: "2.8.0", }, { model: "primavera gateway", scope: "lte", trust: 1, vendor: "oracle", version: "17.12.9", }, { model: "flexcube private banking", scope: "eq", trust: 1, vendor: "oracle", version: "12.1.0", }, { model: "retail xstore point of service", scope: "eq", trust: 1, vendor: "oracle", version: "18.0.3", }, { model: "retail replenishment optimization", scope: "eq", trust: 1, vendor: "oracle", version: "16.0.3", }, { model: "fedora", scope: "eq", trust: 1, vendor: "fedoraproject", version: "33", }, { model: "primavera gateway", scope: "lte", trust: 1, vendor: "oracle", version: "16.2.11", }, { model: "communications unified inventory management", scope: "eq", trust: 1, vendor: "oracle", version: "7.4.0", }, { model: "retail xstore point of service", scope: "eq", trust: 1, vendor: "oracle", version: "15.0.4", }, { model: "retail financial integration", scope: "eq", trust: 1, vendor: "oracle", version: "16.0.3", }, { model: "ant", scope: null, trust: 0.8, vendor: "apache", version: null, }, { model: "gradle", scope: null, trust: 0.8, vendor: "gradle", version: null, }, { model: "oracle banking platform", scope: null, trust: 0.8, vendor: "オラクル", version: null, }, { model: "oracle enterprise repository", scope: null, trust: 0.8, vendor: "オラクル", version: null, }, { model: "oracle financial services analytical applications infrastructure", scope: null, trust: 0.8, vendor: "オラクル", version: null, }, { model: "primavera gateway", scope: null, trust: 0.8, vendor: "オラクル", version: null, }, { model: "primavera unifier", scope: null, trust: 0.8, vendor: "オラクル", version: null, }, { model: "oracle retail financial integration", scope: null, trust: 0.8, vendor: "オラクル", version: null, }, { model: "oracle retail integration bus", scope: null, trust: 0.8, vendor: "オラクル", version: null, }, { model: "oracle retail service backbone", scope: null, trust: 0.8, vendor: "オラクル", version: null, }, { model: "oracle retail store inventory management", scope: null, trust: 0.8, vendor: "オラクル", version: null, }, { model: "fedora", scope: null, trust: 0.8, vendor: "fedora", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-012067", }, { db: "NVD", id: "CVE-2020-11979", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:apache:ant:1.10.8:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:gradle:gradle:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "6.8.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:banking_platform:2.4.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:banking_platform:2.4.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_predictive_application_server:14.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "17.12", versionStartIncluding: "17.7", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:utilities_framework:4.3.0.5.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:utilities_framework:4.3.0.6.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_advanced_inventory_planning:14.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "16.2.11", versionStartIncluding: "16.2.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3.9:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_service_backbone:15.0.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_service_backbone:16.0.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_financial_integration:15.0.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_financial_integration:16.0.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_financial_integration:14.1.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_service_backbone:14.1.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_integration_bus:15.0.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:banking_platform:2.8.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "17.12.9", versionStartIncluding: "17.12.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:real-time_decision_server:3.2.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "8.0.9", versionStartIncluding: "8.0.6", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:real-time_decision_server:11.1.1.9.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_eftlink:19.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_eftlink:20.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:banking_treasury_management:14.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_regular_price_optimization:16.0.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_assortment_planning:16.0.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_size_profile_optimization:16.0.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_replenishment_optimization:16.0.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_merchandise_financial_planning:16.0.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_macro_space_optimization:16.0.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_item_planning:16.0.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_category_management_planning_\\&_optimization:16.0.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_merchandising_system:14.1.3.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "11.2.2.8.27", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:storagetek_tape_analytics:2.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2020-11979", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Red Hat", sources: [ { db: "PACKETSTORM", id: "161644", }, { db: "PACKETSTORM", id: "161454", }, { db: "PACKETSTORM", id: "161647", }, { db: "CNNVD", id: "CNNVD-202010-015", }, ], trust: 0.9, }, cve: "CVE-2020-11979", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", exploitabilityScore: 10, impactScore: 2.9, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 5, confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2020-11979", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.9, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", exploitabilityScore: 10, id: "VHN-164611", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.1, vectorString: "AV:N/AC:L/AU:N/C:N/I:P/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", exploitabilityScore: 3.9, impactScore: 3.6, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 7.5, baseSeverity: "High", confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2020-11979", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2020-11979", trust: 1.8, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202104-975", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202010-015", trust: 0.6, value: "HIGH", }, { author: "VULHUB", id: "VHN-164611", trust: 0.1, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2020-11979", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULHUB", id: "VHN-164611", }, { db: "VULMON", id: "CVE-2020-11979", }, { db: "JVNDB", id: "JVNDB-2020-012067", }, { db: "NVD", id: "CVE-2020-11979", }, { db: "CNNVD", id: "CNNVD-202104-975", }, { db: "CNNVD", id: "CNNVD-202010-015", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process. Apache Ant Contains an unspecified vulnerability.Information may be tampered with. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Apache Ant is a set of automation tools for Java software development developed by the Apache Software Foundation. This tool is mainly used for software compilation, testing and deployment. The vulnerability stems from the fact that the network system or product lacks correct verification of user input data during the operation process of user input to construct commands, data structures, or records, and does not filter or correctly filter out special elements in it, resulting in parsing or failure of the system or product. Wrong way of interpreting. \n Linux Security Advisory GLSA 202011-18\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Apache Ant: Insecure temporary file\n Date: November 16, 2020\n Bugs: #745768\n ID: 202011-18\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nApache Ant uses various insecure temporary files possibly allowing\nlocal code execution. \n\nBackground\n==========\n\nAnt is a Java-based build tool similar to ‘make’ that uses XML\nconfiguration files. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-java/ant < 1.10.9 >= 1.10.9 \n\nDescription\n===========\n\nA previous fix for a security vulnerability involving insecure\ntemporary files has been found to be incomplete. \n\nImpact\n======\n\nA local attacker could perform symlink attacks to overwrite arbitrary\nfiles with the privileges of the user running the application. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Apache Ant users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-java/ant-1.10.9\"\n\nReferences\n==========\n\n[ 1 ] CVE-2020-11979\n https://nvd.nist.gov/vuln/detail/CVE-2020-11979\n[ 2 ] GLSA-202007-34\n https://security.gentoo.org/glsa/202007-34\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202011-18\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users' machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2020 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n\n. Bugs fixed (https://bugzilla.redhat.com/):\n\n1837444 - CVE-2020-1945 ant: insecure temporary file vulnerability\n1903702 - CVE-2020-11979 ant: insecure temporary file\n1921322 - CVE-2021-21615 jenkins: Filesystem traversal by privileged users\n1925140 - CVE-2021-21608 jenkins: Stored XSS vulnerability in button labels\n1925141 - CVE-2021-21609 jenkins: Missing permission check for paths with specific prefix\n1925143 - CVE-2021-21605 jenkins: Path traversal vulnerability in agent names\n1925145 - CVE-2021-21611 jenkins: Stored XSS vulnerability on new item page\n1925151 - CVE-2021-21610 jenkins: Reflected XSS vulnerability in markup formatter preview\n1925156 - CVE-2021-21607 jenkins: Excessive memory allocation in graph URLs leads to denial of service\n1925157 - CVE-2021-21604 jenkins: Improper handling of REST API XML deserialization errors\n1925159 - CVE-2021-21606 jenkins: Arbitrary file existence check in file fingerprints\n1925160 - CVE-2021-21603 jenkins: XSS vulnerability in notification bar\n1925161 - CVE-2021-21602 jenkins: Arbitrary file read vulnerability in workspace browsers\n1925674 - Placeholder bug for OCP 4.6.0 rpm release\n\n6. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: OpenShift Container Platform 3.11.394 bug fix and security update\nAdvisory ID: RHSA-2021:0637-01\nProduct: Red Hat OpenShift Enterprise\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:0637\nIssue date: 2021-03-03\nCVE Names: CVE-2020-1945 CVE-2020-2304 CVE-2020-2305\n CVE-2020-2306 CVE-2020-2307 CVE-2020-2308\n CVE-2020-2309 CVE-2020-11979 CVE-2020-25658\n====================================================================\n1. Summary:\n\nRed Hat OpenShift Container Platform release 3.11.394 is now available with\nupdates to packages and images that fix several bugs and add enhancements. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat OpenShift Container Platform 3.11 - noarch, ppc64le, x86_64\n\n3. Description:\n\nRed Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nSecurity Fix(es):\n\n* jenkins-2-plugins/subversion: XML parser is not preventing XML external\nentity (XXE) attacks (CVE-2020-2304)\n\n* jenkins-2-plugins/mercurial: XML parser is not preventing XML external\nentity (XXE) attacks (CVE-2020-2305)\n\n* ant: Insecure temporary file vulnerability (CVE-2020-1945)\n\n* jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint\ncould result in information disclosure (CVE-2020-2306)\n\n* jenkins-2-plugins/kubernetes: Jenkins controller environment variables\nare accessible in Kubernetes plug-in (CVE-2020-2307)\n\n* jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes\nPlugin allows listing pod templates (CVE-2020-2308)\n\n* jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes\nplug-in allows enumerating credentials IDs (CVE-2020-2309)\n\n* ant: Insecure temporary file (CVE-2020-11979)\n\n* python-rsa: Bleichenbacher timing oracle attack against RSA decryption\n(CVE-2020-25658)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 3.11.394. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:0638\n\nSpace precludes documenting all of the container images in this advisory. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_r\nelease_notes.html\n\nThis update fixes the following bugs among others:\n\n* Previously, the restart-cluster playbook did not evaluate the defined\ncluster size for ops clusters. This was causing come clusters to never\ncomplete their restart. This bug fix passes the logging ops cluster size,\nallowing restarts of ops clusters to complete successfully. (BZ#1879407)\n\n* Previously, the `openshift_named_certificates` role checked the contents\nof the `ca-bundle.crt` file during cluster installation. This caused the\ncheck to fail during initial installation because the `ca-bundle.crt` file\nis not yet created in that scenario. This bug fix allows the cluster to\nskip checking the `ca-bundle.crt` file if it does not exist, resulting in\ninitial installations succeeding. (BZ#1920567)\n\n* Previously, if the `openshift_release` attribute was not set in the\nAnsible inventory file, the nodes of the cluster would fail during an\nupgrade. This was caused by the `cluster_facts.yml` file being gathered\nbefore the `openshift_release` attribute was defined by the upgrade\nplaybook. Now the `cluster_facts.yml` file is gathered after the\n`openshift_version` role runs and the `openshift_release` attribute is set,\nallowing for successful node upgrades. (BZ#1921353)\n\nAll OpenShift Container Platform 3.11 users are advised to upgrade to these\nupdated packages and images. \n\n4. Solution:\n\nBefore applying this update, ensure all previously released errata relevant\nto your system is applied. \n\nSee the following documentation, which will be updated shortly for release\n3.11.394, for important instructions on how to upgrade your cluster and\nfully\napply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_r\nelease_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1837444 - CVE-2020-1945 ant: insecure temporary file vulnerability\n1849003 - fact dicts returned are of type string rather than dict\n1873346 - In-place upgrade of OCP 3.11 does not upgrade Kuryr components\n1879407 - The restart-cluster playbook doesn't take into account that openshift_logging_es_ops_cluster_size could be different from openshift_logging_es_cluster_size\n1889972 - CVE-2020-25658 python-rsa: bleichenbacher timing oracle attack against RSA decryption\n1895939 - CVE-2020-2304 jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks\n1895940 - CVE-2020-2305 jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks\n1895941 - CVE-2020-2306 jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information disclosure\n1895945 - CVE-2020-2307 jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes Plugin\n1895946 - CVE-2020-2308 jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates\n1895947 - CVE-2020-2309 jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows enumerating credentials IDs\n1903699 - Prometheus consumes all available memory\n1903702 - CVE-2020-11979 ant: insecure temporary file\n1918392 - Unable to access kibana URLafter enabling HTTP2 on Haproxy router\n1920567 - [release-3.11] - ca-bundle.crt(/etc/origin/master/ca-bundle.crt) is missing on the fresh installation process\n1921353 - OCP 3.11.374 Upgrade fails with Either OpenShift needs to be installed or openshift_release needs to be specified\n1924614 - Provide jenkins agent image for maven36\n1924811 - Provide jenkins agent image for maven36\n1929170 - kuryr-cni pods in crashloop after updating OCP due to RuntimeError caused by attempting to delete eth0 host interface\n1929216 - KeyError: 'addresses' in kuryr-controller when Endpoints' slice only lists notReadyAddresses\n\n6. Package List:\n\nRed Hat OpenShift Container Platform 3.11:\n\nSource:\natomic-enterprise-service-catalog-3.11.394-1.git.1675.fdb6e0b.el7.src.rpm\natomic-openshift-3.11.394-1.git.0.e03a88e.el7.src.rpm\natomic-openshift-cluster-autoscaler-3.11.394-1.git.0.1900c76.el7.src.rpm\natomic-openshift-descheduler-3.11.394-1.git.299.ad3a3c0.el7.src.rpm\natomic-openshift-dockerregistry-3.11.394-1.git.481.6e48246.el7.src.rpm\natomic-openshift-metrics-server-3.11.394-1.git.53.3d82586.el7.src.rpm\natomic-openshift-node-problem-detector-3.11.394-1.git.263.49acf3a.el7.src.rpm\natomic-openshift-service-idler-3.11.394-1.git.15.73f73cd.el7.src.rpm\natomic-openshift-web-console-3.11.394-1.git.667.08dd2a6.el7.src.rpm\ngolang-github-openshift-oauth-proxy-3.11.394-1.git.439.4c37707.el7.src.rpm\ngolang-github-prometheus-alertmanager-3.11.394-1.git.0.1fbb64c.el7.src.rpm\ngolang-github-prometheus-node_exporter-3.11.394-1.git.1062.8adc4b8.el7.src.rpm\ngolang-github-prometheus-prometheus-3.11.394-1.git.5026.2c9627f.el7.src.rpm\nhaproxy-1.8.28-1.el7.src.rpm\njenkins-2-plugins-3.11.1612862361-1.el7.src.rpm\njenkins-2.263.3.1612433584-1.el7.src.rpm\nopenshift-ansible-3.11.394-6.git.0.47ec25d.el7.src.rpm\nopenshift-enterprise-autoheal-3.11.394-1.git.218.59eb597.el7.src.rpm\nopenshift-enterprise-cluster-capacity-3.11.394-1.git.379.92adfdc.el7.src.rpm\nopenshift-kuryr-3.11.394-1.git.1490.16ed375.el7.src.rpm\npython-rsa-4.5-3.el7.src.rpm\n\nnoarch:\natomic-openshift-docker-excluder-3.11.394-1.git.0.e03a88e.el7.noarch.rpm\natomic-openshift-excluder-3.11.394-1.git.0.e03a88e.el7.noarch.rpm\njenkins-2-plugins-3.11.1612862361-1.el7.noarch.rpm\njenkins-2.263.3.1612433584-1.el7.noarch.rpm\nopenshift-ansible-3.11.394-6.git.0.47ec25d.el7.noarch.rpm\nopenshift-ansible-docs-3.11.394-6.git.0.47ec25d.el7.noarch.rpm\nopenshift-ansible-playbooks-3.11.394-6.git.0.47ec25d.el7.noarch.rpm\nopenshift-ansible-roles-3.11.394-6.git.0.47ec25d.el7.noarch.rpm\nopenshift-ansible-test-3.11.394-6.git.0.47ec25d.el7.noarch.rpm\nopenshift-kuryr-cni-3.11.394-1.git.1490.16ed375.el7.noarch.rpm\nopenshift-kuryr-common-3.11.394-1.git.1490.16ed375.el7.noarch.rpm\nopenshift-kuryr-controller-3.11.394-1.git.1490.16ed375.el7.noarch.rpm\npython2-kuryr-kubernetes-3.11.394-1.git.1490.16ed375.el7.noarch.rpm\npython2-rsa-4.5-3.el7.noarch.rpm\n\nppc64le:\natomic-enterprise-service-catalog-3.11.394-1.git.1675.fdb6e0b.el7.ppc64le.rpm\natomic-enterprise-service-catalog-svcat-3.11.394-1.git.1675.fdb6e0b.el7.ppc64le.rpm\natomic-openshift-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm\natomic-openshift-clients-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm\natomic-openshift-cluster-autoscaler-3.11.394-1.git.0.1900c76.el7.ppc64le.rpm\natomic-openshift-descheduler-3.11.394-1.git.299.ad3a3c0.el7.ppc64le.rpm\natomic-openshift-hyperkube-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm\natomic-openshift-hypershift-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm\natomic-openshift-master-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm\natomic-openshift-metrics-server-3.11.394-1.git.53.3d82586.el7.ppc64le.rpm\natomic-openshift-node-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm\natomic-openshift-node-problem-detector-3.11.394-1.git.263.49acf3a.el7.ppc64le.rpm\natomic-openshift-pod-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm\natomic-openshift-sdn-ovs-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm\natomic-openshift-service-idler-3.11.394-1.git.15.73f73cd.el7.ppc64le.rpm\natomic-openshift-template-service-broker-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm\natomic-openshift-tests-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm\natomic-openshift-web-console-3.11.394-1.git.667.08dd2a6.el7.ppc64le.rpm\ngolang-github-openshift-oauth-proxy-3.11.394-1.git.439.4c37707.el7.ppc64le.rpm\nhaproxy-debuginfo-1.8.28-1.el7.ppc64le.rpm\nhaproxy18-1.8.28-1.el7.ppc64le.rpm\nopenshift-enterprise-autoheal-3.11.394-1.git.218.59eb597.el7.ppc64le.rpm\nopenshift-enterprise-cluster-capacity-3.11.394-1.git.379.92adfdc.el7.ppc64le.rpm\nprometheus-3.11.394-1.git.5026.2c9627f.el7.ppc64le.rpm\nprometheus-alertmanager-3.11.394-1.git.0.1fbb64c.el7.ppc64le.rpm\nprometheus-node-exporter-3.11.394-1.git.1062.8adc4b8.el7.ppc64le.rpm\n\nx86_64:\natomic-enterprise-service-catalog-3.11.394-1.git.1675.fdb6e0b.el7.x86_64.rpm\natomic-enterprise-service-catalog-svcat-3.11.394-1.git.1675.fdb6e0b.el7.x86_64.rpm\natomic-openshift-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm\natomic-openshift-clients-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm\natomic-openshift-clients-redistributable-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm\natomic-openshift-cluster-autoscaler-3.11.394-1.git.0.1900c76.el7.x86_64.rpm\natomic-openshift-descheduler-3.11.394-1.git.299.ad3a3c0.el7.x86_64.rpm\natomic-openshift-dockerregistry-3.11.394-1.git.481.6e48246.el7.x86_64.rpm\natomic-openshift-hyperkube-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm\natomic-openshift-hypershift-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm\natomic-openshift-master-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm\natomic-openshift-metrics-server-3.11.394-1.git.53.3d82586.el7.x86_64.rpm\natomic-openshift-node-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm\natomic-openshift-node-problem-detector-3.11.394-1.git.263.49acf3a.el7.x86_64.rpm\natomic-openshift-pod-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm\natomic-openshift-sdn-ovs-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm\natomic-openshift-service-idler-3.11.394-1.git.15.73f73cd.el7.x86_64.rpm\natomic-openshift-template-service-broker-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm\natomic-openshift-tests-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm\natomic-openshift-web-console-3.11.394-1.git.667.08dd2a6.el7.x86_64.rpm\ngolang-github-openshift-oauth-proxy-3.11.394-1.git.439.4c37707.el7.x86_64.rpm\nhaproxy-debuginfo-1.8.28-1.el7.x86_64.rpm\nhaproxy18-1.8.28-1.el7.x86_64.rpm\nopenshift-enterprise-autoheal-3.11.394-1.git.218.59eb597.el7.x86_64.rpm\nopenshift-enterprise-cluster-capacity-3.11.394-1.git.379.92adfdc.el7.x86_64.rpm\nprometheus-3.11.394-1.git.5026.2c9627f.el7.x86_64.rpm\nprometheus-alertmanager-3.11.394-1.git.0.1fbb64c.el7.x86_64.rpm\nprometheus-node-exporter-3.11.394-1.git.1062.8adc4b8.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-1945\nhttps://access.redhat.com/security/cve/CVE-2020-2304\nhttps://access.redhat.com/security/cve/CVE-2020-2305\nhttps://access.redhat.com/security/cve/CVE-2020-2306\nhttps://access.redhat.com/security/cve/CVE-2020-2307\nhttps://access.redhat.com/security/cve/CVE-2020-2308\nhttps://access.redhat.com/security/cve/CVE-2020-2309\nhttps://access.redhat.com/security/cve/CVE-2020-11979\nhttps://access.redhat.com/security/cve/CVE-2020-25658\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is <secalert@redhat.com>. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYD+BmNzjgjWX9erEAQjE+Q//ZZiX1bD9qOdi3w9TpwdZLagxnE5NTy5Z\nRu/GN0qaTIBHo8QHZqgt6jBT5ADfW0KgEdA3N+fi43f4ud5fO+2eQcdE4oeSAE93\nT5PAL+UBlb4ykAqQQnLVMO8G5Hc2IOw68wZjC+YFcEB36FnZifCk/z14OdUR3WyT\ng5ohmXKJw3ojfOsPK0ZIePS4V7RwTosagKHdyVa+tpxxVlkcZf2q08e5U7YkkhKv\nd/4UzYfGYtpm8ozYde1Cvs6cCU2ar7VQjsGW597BgSMXYESDqnPTKUJ5y8btFTwL\nj5z0ZSc96MBOkyebqxqhNdeFwg4liCl0RhBSUBhsG6e40Du8+3+LPUS579R1cp8N\nqCW0ODujVh804XNOXSqGAbmPXb6BL8uIY6j4kdzfZH4xgBGG1oOhiUcjPrJQkohD\n7fRf/aLCtRno9d98oylMuxPWEf4XfeltF4zin8hWdvBlfSxfy6aGjdmXcHWIP3Es\n4jL7h5IBtTn/8IXO5kXUlBeHOTNfjA48W/MmxyN6TNoTFrrsgR1pk7RUCxjAgOi/\nNk/IYlBheWb1Bvm/QCMpA5qDUSNZnmADw6BBRoViE+/DKBM9/DEUX6KOq6H3Ak0v\nwA7QOAVVk2COxBJCsmy7EJUJYMuyfrNkovukWKHUQQuDFcjy5nWYbGmmejX/STB2\n+rElYOcZkO0=9NLN\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n", sources: [ { db: "NVD", id: "CVE-2020-11979", }, { db: "JVNDB", id: "JVNDB-2020-012067", }, { db: "CNNVD", id: "CNNVD-202104-975", }, { db: "VULHUB", id: "VHN-164611", }, { db: "VULMON", id: "CVE-2020-11979", }, { db: "PACKETSTORM", id: "160093", }, { db: "PACKETSTORM", id: "161644", }, { db: "PACKETSTORM", id: "161454", }, { db: "PACKETSTORM", id: "161647", }, ], trust: 2.7, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2020-11979", trust: 3, }, { db: "PACKETSTORM", id: "160093", trust: 0.8, }, { db: "PACKETSTORM", id: "161644", trust: 0.8, }, { db: "PACKETSTORM", id: "161454", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2020-012067", trust: 0.8, }, { db: "CS-HELP", id: "SB2021041363", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202104-975", trust: 0.6, }, { db: "CS-HELP", id: "SB2021042112", trust: 0.6, }, { db: "CS-HELP", id: "SB2021042640", trust: 0.6, }, { db: "CS-HELP", id: "SB2021072823", trust: 0.6, }, { db: "CS-HELP", id: "SB2022042536", trust: 0.6, }, { db: "CS-HELP", id: "SB2021042536", trust: 0.6, }, { db: "CS-HELP", id: "SB2022012312", trust: 0.6, }, { db: "CS-HELP", id: "SB2021042319", trust: 0.6, }, { db: "CS-HELP", id: "SB2021072778", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2022.6025", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2021.0771", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2021.0599", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2021.0315", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2023.1653", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202010-015", trust: 0.6, }, { db: "PACKETSTORM", id: "161647", trust: 0.2, }, { db: "CNVD", id: "CNVD-2020-57125", trust: 0.1, }, { db: "VULHUB", id: "VHN-164611", trust: 0.1, }, { db: "VULMON", id: "CVE-2020-11979", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-164611", }, { db: "VULMON", id: "CVE-2020-11979", }, { db: "JVNDB", id: "JVNDB-2020-012067", }, { db: "PACKETSTORM", id: "160093", }, { db: "PACKETSTORM", id: "161644", }, { db: "PACKETSTORM", id: "161454", }, { db: "PACKETSTORM", id: "161647", }, { db: "NVD", id: "CVE-2020-11979", }, { db: "CNNVD", id: "CNNVD-202104-975", }, { db: "CNNVD", id: "CNNVD-202010-015", }, ], }, id: "VAR-202010-1567", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-164611", }, ], trust: 0.01, }, last_update_date: "2023-12-18T10:59:59.391000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Apache Ant insecure temporary file vulnerability Oracle Oracle Critical Patch Update", trust: 0.8, url: "https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc@%3cdev.creadur.apache.org%3e", }, { title: "Apache Ant Repair measures for injecting vulnerabilities", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=130249", }, { title: "Debian CVElist Bug Report Logs: ant: CVE-2020-11979", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=2a449f8fc892d50c69e07a3668964924", }, { title: "IBM: Security Bulletin: Vulnerability in Apache Ant affects IBM Spectrum Symphony", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=3dd0d4ffb8383347639c4ccc74310f32", }, { title: "Arch Linux Advisories: [ASA-202012-5] ant: arbitrary code execution", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=asa-202012-5", }, { title: "Arch Linux Issues: ", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=cve-2020-11979 log", }, { title: "Red Hat: Important: OpenShift Container Platform 4.6.17 security and packages update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20210423 - security advisory", }, { title: "IBM: Security Bulletin: Apache Ant Vulnerabilities Affect IBM Control Center (CVE-2020-1945, CVE-2020-11979)", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=141b2e54160a76a0f41beef4db28270e", }, { title: "IBM: Security Bulletin: Multiple vulnerability issues affect IBM Spectrum Conductor 2.5.0", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=0bf006d622ea4a9435b282864e760566", }, { title: "IBM: Security Bulletin: Multiple vulnerability issues affect IBM Spectrum Symphony 7.3.1", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=c47c09015d1429df4a71453000607351", }, ], sources: [ { db: "VULMON", id: "CVE-2020-11979", }, { db: "JVNDB", id: "JVNDB-2020-012067", }, { db: "CNNVD", id: "CNNVD-202010-015", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-Other", trust: 1, }, { problemtype: "Other (CWE-Other) [NVD Evaluation ]", trust: 0.8, }, { problemtype: "CWE-74", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-164611", }, { db: "JVNDB", id: "JVNDB-2020-012067", }, { db: "NVD", id: "CVE-2020-11979", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.4, url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { trust: 2.3, url: "https://www.oracle.com/security-alerts/cpuapr2021.html", }, { trust: 2.3, url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { trust: 1.9, url: "https://security.gentoo.org/glsa/202011-18", }, { trust: 1.8, url: "https://github.com/gradle/gradle/security/advisories/ghsa-j45w-qrgf-25vm", }, { trust: 1.8, url: "https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3cdev.ant.apache.org%3e", }, { trust: 1.8, url: "https://nvd.nist.gov/vuln/detail/cve-2020-11979", }, { trust: 1.7, url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { trust: 1.7, url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { trust: 1.7, url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { trust: 1, url: "https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc%40%3cdev.creadur.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e%40%3cdev.creadur.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0%40%3cdev.creadur.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490%40%3cdev.creadur.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305%40%3cdev.creadur.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c%40%3cdev.creadur.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a%40%3cdev.creadur.apache.org%3e", }, { trust: 1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/aalw42fwnq35f7kb3jvrc6nbvv7aayyi/", }, { trust: 1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/dybrn5c2rw7jry75ib7q7zvkzchwaqws/", }, { trust: 1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/u3nrqq7ecii4zngw7gbc225lvympqekb/", }, { trust: 0.8, url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/u3nrqq7ecii4zngw7gbc225lvympqekb/", }, { trust: 0.8, url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/dybrn5c2rw7jry75ib7q7zvkzchwaqws/", }, { trust: 0.8, url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/aalw42fwnq35f7kb3jvrc6nbvv7aayyi/", }, { trust: 0.8, url: "https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490@%3cdev.creadur.apache.org%3e", }, { trust: 0.8, url: "https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e@%3cdev.creadur.apache.org%3e", }, { trust: 0.8, url: "https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305@%3cdev.creadur.apache.org%3e", }, { trust: 0.8, url: "https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc@%3cdev.creadur.apache.org%3e", }, { trust: 0.8, url: "https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0@%3cdev.creadur.apache.org%3e", }, { trust: 0.8, url: "https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c@%3cdev.creadur.apache.org%3e", }, { trust: 0.7, url: "https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a@%3cdev.creadur.apache.org%3e", }, { trust: 0.7, url: "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-ant-affects-ibm-spectrum-symphony/", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2021041363", }, { trust: 0.6, url: "https://www.ibm.com/blogs/psirt/security-bulletin-gradle-version-in-ibp-javaenv-and-dind-images-depends-on-vulnerable-apache-ant/", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2021.0315/", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2021.0599", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2021042536", }, { trust: 0.6, url: "https://packetstormsecurity.com/files/160093/gentoo-linux-security-advisory-202011-18.html", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2021072778", }, { trust: 0.6, url: "https://www.oracle.com/security-alerts/cpujul2021.html", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2021042112", }, { trust: 0.6, url: "https://www.ibm.com/blogs/psirt/security-bulletin-apache-ant-as-used-by-ibm-qradar-siem-is-vulnerable-to-insecure-temporary-files-cve-2020-11979/", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2022012312", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/apache-ant-information-disclosure-via-fixcrlf-task-temporary-files-permissions-33683", }, { trust: 0.6, url: "https://packetstormsecurity.com/files/161454/red-hat-security-advisory-2021-0423-01.html", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2023.1653", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2021042319", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2022042536", }, { trust: 0.6, url: "https://www.ibm.com/blogs/psirt/security-bulletin-as-mitigation-for-cve-2020-1945-apache-ant-1-10-8-changed-the-permissions-of-temporary-files-it-created-so-that-only-the-current-user-was-allowed-to-access-them/", }, { trust: 0.6, url: "https://packetstormsecurity.com/files/161644/red-hat-security-advisory-2021-0429-01.html", }, { trust: 0.6, url: "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerability-issues-affect-ibm-spectrum-symphony-7-3-1/", }, { trust: 0.6, url: "https://www.ibm.com/blogs/psirt/security-bulletin-apache-ant-vulnerabilities-affect-ibm-control-center-cve-2020-1945-cve-2020-11979/", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2021.0771", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2021072823", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2022.6025", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2021042640", }, { trust: 0.3, url: "https://access.redhat.com/security/cve/cve-2020-1945", }, { trust: 0.3, url: "https://access.redhat.com/security/updates/classification/#important", }, { trust: 0.3, url: "https://listman.redhat.com/mailman/listinfo/rhsa-announce", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2020-1945", }, { trust: 0.3, url: "https://access.redhat.com/security/team/contact/", }, { trust: 0.3, url: "https://bugzilla.redhat.com/):", }, { trust: 0.3, url: "https://access.redhat.com/security/team/key/", }, { trust: 0.3, url: "https://access.redhat.com/security/cve/cve-2020-11979", }, { trust: 0.2, url: "https://access.redhat.com/security/cve/cve-2021-21607", }, { trust: 0.2, url: "https://access.redhat.com/security/cve/cve-2021-21606", }, { trust: 0.2, url: "https://access.redhat.com/security/cve/cve-2021-21608", }, { trust: 0.2, url: "https://access.redhat.com/security/cve/cve-2021-21609", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2021-21602", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2021-21608", }, { trust: 0.2, url: "https://access.redhat.com/security/cve/cve-2021-21603", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2021-21603", }, { trust: 0.2, url: "https://access.redhat.com/security/cve/cve-2021-21611", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2021-21605", }, { trust: 0.2, url: "https://access.redhat.com/security/cve/cve-2021-21610", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2021-21607", }, { trust: 0.2, url: "https://access.redhat.com/security/cve/cve-2021-21605", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2021-21609", }, { trust: 0.2, url: "https://access.redhat.com/security/cve/cve-2021-21602", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2021-21604", }, { trust: 0.2, url: "https://access.redhat.com/security/cve/cve-2021-21604", }, { trust: 0.2, url: "https://access.redhat.com/security/cve/cve-2021-21615", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2021-21610", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2021-21615", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2021-21606", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2021-21611", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/.html", }, { trust: 0.1, url: "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971612", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://security.gentoo.org/glsa/202007-34", }, { trust: 0.1, url: "https://creativecommons.org/licenses/by-sa/2.5", }, { trust: 0.1, url: "https://security.gentoo.org/", }, { trust: 0.1, url: "https://bugs.gentoo.org.", }, { trust: 0.1, url: "https://docs.openshift.com/container-platform/4.5/updating/updating-cluster", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2021:0429", }, { trust: 0.1, url: "https://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-rel", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2021:0428", }, { trust: 0.1, url: "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2021:0423", }, { trust: 0.1, url: "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhba-2021:0424", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2020-25658", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2020-2308", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2020-2306", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2020-2306", }, { trust: 0.1, url: "https://access.redhat.com/articles/11258.", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2020-2308", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2020-2307", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhba-2021:0638", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2020-2304", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2020-2309", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2020-2305", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2020-2309", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2021:0637", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2020-2305", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2020-2304", }, { trust: 0.1, url: "https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_r", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2020-2307", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2020-25658", }, ], sources: [ { db: "VULHUB", id: "VHN-164611", }, { db: "VULMON", id: "CVE-2020-11979", }, { db: "JVNDB", id: "JVNDB-2020-012067", }, { db: "PACKETSTORM", id: "160093", }, { db: "PACKETSTORM", id: "161644", }, { db: "PACKETSTORM", id: "161454", }, { db: "PACKETSTORM", id: "161647", }, { db: "NVD", id: "CVE-2020-11979", }, { db: "CNNVD", id: "CNNVD-202104-975", }, { db: "CNNVD", id: "CNNVD-202010-015", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-164611", }, { db: "VULMON", id: "CVE-2020-11979", }, { db: "JVNDB", id: "JVNDB-2020-012067", }, { db: "PACKETSTORM", id: "160093", }, { db: "PACKETSTORM", id: "161644", }, { db: "PACKETSTORM", id: "161454", }, { db: "PACKETSTORM", id: "161647", }, { db: "NVD", id: "CVE-2020-11979", }, { db: "CNNVD", id: "CNNVD-202104-975", }, { db: "CNNVD", id: "CNNVD-202010-015", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-10-01T00:00:00", db: "VULHUB", id: "VHN-164611", }, { date: "2020-10-01T00:00:00", db: "VULMON", id: "CVE-2020-11979", }, { date: "2021-04-22T00:00:00", db: "JVNDB", id: "JVNDB-2020-012067", }, { date: "2020-11-16T17:15:41", db: "PACKETSTORM", id: "160093", }, { date: "2021-03-03T15:53:12", db: "PACKETSTORM", id: "161644", }, { date: "2021-02-18T14:14:45", db: "PACKETSTORM", id: "161454", }, { date: "2021-03-03T15:53:58", db: "PACKETSTORM", id: "161647", }, { date: "2020-10-01T20:15:13.033000", db: "NVD", id: "CVE-2020-11979", }, { date: "2021-04-13T00:00:00", db: "CNNVD", id: "CNNVD-202104-975", }, { date: "2020-10-01T00:00:00", db: "CNNVD", id: "CNNVD-202010-015", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-05-12T00:00:00", db: "VULHUB", id: "VHN-164611", }, { date: "2021-04-19T00:00:00", db: "VULMON", id: "CVE-2020-11979", }, { date: "2021-04-22T08:19:00", db: "JVNDB", id: "JVNDB-2020-012067", }, { date: "2023-11-07T03:15:17.033000", db: "NVD", id: "CVE-2020-11979", }, { date: "2021-04-14T00:00:00", db: "CNNVD", id: "CNNVD-202104-975", }, { date: "2023-03-21T00:00:00", db: "CNNVD", id: "CNNVD-202010-015", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202010-015", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Apache Ant Vulnerability in", sources: [ { db: "JVNDB", id: "JVNDB-2020-012067", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "other", sources: [ { db: "CNNVD", id: "CNNVD-202104-975", }, { db: "CNNVD", id: "CNNVD-202010-015", }, ], trust: 1.2, }, }