CVE-2023-49238

In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation (in certain installation scenarios) because of a non-unique initial system user password. Although this password must be changed upon the first login, it is possible that an attacker logs in before the legitimate administrator logs in.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 68%
VendorProductVersion
gradleenterprise
𝑥
< 2023.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://security.gradle.com
https://security.gradle.com/advisory/2023-01
https://security.netapp.com/advisory/ntap-20240216-0003/
https://security.gradle.com
https://security.gradle.com/advisory/2023-01
https://security.netapp.com/advisory/ntap-20240216-0003/