Gradle Enterprise Admin CLI command execution | CVE-2022-30586

June 8, 2022

NAME

Gradle Enterprise Admin CLI command execution

  • Platforms Affected:
    Gradle Gradle Enterprise Admin CLI 1.3.0
    Gradle Gradle Enterprise Admin CLI 1.2.9
  • Risk Level:
    9.8
  • Exploitability:
    Unproven
  • Consequences:
    Gain Access

DESCRIPTION

Gradle Enterprise Admin CLI could allow a remote attacker to execute arbitrary commands on the system, caused by improper access control when resetting the system user password. An attacker could exploit this vulnerability to execute arbitrary commands on the system in the context of an enterprise-app pod instance.

CVSS 3.0 Information

  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Access Vector: Network
  • Access Complexity: Low
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
  • Remediation Level: Official Fix

MITIGATION

Refer to Gradle Security Advisory 2022-09 for patch, upgrade or suggested workaround information. See References.

  • Reference Link:
    https://security.gradle.com/advisory/2022-09
  • Reference Link:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30586

If you like the site, please consider joining the telegram channel and supporting us on Patreon using the button below.

Digital Patreon Wordmark FieryCoralv2

You may have missed

image

[RAWORLD] – Ransomware Victim: Co****nt

November 25, 2024
image

[KILLSEC] – Ransomware Victim: inv[[.][.][.]]nator

November 25, 2024
image

[KILLSEC] – Ransomware Victim: Ithbar

November 25, 2024
image

[KILLSEC] – Ransomware Victim: RiverRestHome

November 25, 2024
image

[KILLSEC] – Ransomware Victim: Dardoc

November 25, 2024