Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-41574

An access-control vulnerability in Gradle Enterprise 2022.4 through 2022.3.1 allows remote attackers to prevent backups from occurring, and send emails with arbitrary text content to the configured installation-administrator contact address, via HTTP access to an accidentally exposed internal endpoint. This is fixed in 2022.3.2.

Published

2022-10-07T21:15:12.090

Last Modified

2024-11-21T07:23:25.140

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Primary
CWE-863

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	gradle	enterprise	< 2022.3.2	Yes

References

https://security.gradle.com Vendor Advisory ([email protected])
https://security.gradle.com/advisory/2022-12 Mitigation, Vendor Advisory ([email protected])
https://security.gradle.com Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.gradle.com/advisory/2022-12 Mitigation, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)