Description
A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3 through 2022.3.3 allows remote attackers to access a subset of application data (e.g., cleartext credentials). This is fixed in 2022.3.3.
References (2)
Core 2
Core References
Vendor Advisory
https://security.gradle.com
Vendor Advisory
https://security.gradle.com/advisory/2022-13
Scores
CVSS v3
7.5
EPSS
0.0072
EPSS Percentile
49.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-522
Status
published
Products (1)
gradle/enterprise
2022.3 - 2022.3.3
Published
Oct 21, 2022
Tracked Since
Feb 18, 2026