Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-49238

In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation (in certain installation scenarios) because of a non-unique initial system user password. Although this password must be changed upon the first login, it is possible that an attacker logs in before the legitimate administrator logs in.

Published

2024-01-09T02:15:44.837

Last Modified

2025-06-17T16:15:25.137

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Primary
CWE-521
Type: Secondary
CWE-521

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	gradle	enterprise	< 2023.1	Yes

References

https://security.gradle.com Vendor Advisory ([email protected])
https://security.gradle.com/advisory/2023-01 Vendor Advisory ([email protected])
https://security.netapp.com/advisory/ntap-20240216-0003/ ([email protected])
https://security.gradle.com Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.gradle.com/advisory/2023-01 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20240216-0003/ (af854a3a-2127-422b-91ae-364da2661108)