CVE-2022-27919
CRITICAL
Gradle Enterprise >=2020.4 <2021.4.3 - Remote Code Execution via Default Configuration
Title source: llm
Description
Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not specify an initial configuration file. The configuration allows certain anonymous access to administration and an API.
References (1)
Core References
Mitigation, Vendor Advisory x_refsource_misc
https://security.gradle.com/advisory/2022-05
Scores
CVSS v3: 9.8
EPSS: 0.0173
EPSS Percentile: 74.7%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-276
Status: published
Products (1)
gradle/enterprise: 2020.4 - 2021.4.3
Published: Mar 25, 2022
Tracked Since: Feb 18, 2026