CVE-2023-49238

CRITICAL

Gradle Enterprise <2023.1 - Privilege Escalation

Title source: llm

Description

In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation (in certain installation scenarios) because of a non-unique initial system user password. Although this password must be changed upon the first login, it is possible that an attacker logs in before the legitimate administrator logs in.

References (3)

[Vendor Advisory] https://security.gradle.com

[Vendor Advisory] https://security.gradle.com/advisory/2023-01

[Vendor Advisory] https://security.netapp.com/advisory/ntap-20240216-0003/

Scores

CVSS v3 9.8

EPSS 0.0082

EPSS Percentile 74.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-521

Status published

Products (1)

gradle/enterprise < 2023.1

Published Jan 09, 2024

Tracked Since Feb 18, 2026