CVE-2023-49238

critical

Description

In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation (in certain installation scenarios) because of a non-unique initial system user password. Although this password must be changed upon the first login, it is possible that an attacker logs in before the legitimate administrator logs in.

References

https://security.netapp.com/advisory/ntap-20240216-0003/

https://security.gradle.com/advisory/2023-01

https://security.gradle.com

Details

Source: Mitre, NVD

Published: 2024-01-09

Updated: 2024-02-16

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical