Vulnerability Details CVE-2023-49238
In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation (in certain installation scenarios) because of a non-unique initial system user password. Although this password must be changed upon the first login, it is possible that an attacker logs in before the legitimate administrator logs in.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 68.4%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2023-49238
-
cpe:2.3:a:gradle:enterprise:2017.1
-
cpe:2.3:a:gradle:enterprise:2017.3
-
cpe:2.3:a:gradle:enterprise:2018.2
-
cpe:2.3:a:gradle:enterprise:2018.5
-
cpe:2.3:a:gradle:enterprise:2018.5.1
-
cpe:2.3:a:gradle:enterprise:2018.5.2
-
cpe:2.3:a:gradle:enterprise:2018.5.3
-
cpe:2.3:a:gradle:enterprise:2020.1
-
cpe:2.3:a:gradle:enterprise:2020.2
-
cpe:2.3:a:gradle:enterprise:2020.2.4
-
cpe:2.3:a:gradle:enterprise:2020.2.5
-
cpe:2.3:a:gradle:enterprise:2020.4
-
cpe:2.3:a:gradle:enterprise:2021.3
-
cpe:2.3:a:gradle:enterprise:2021.4.2
-
cpe:2.3:a:gradle:enterprise:2021.4.3
-
cpe:2.3:a:gradle:enterprise:2022.1
-
cpe:2.3:a:gradle:enterprise:2022.3.1
-
cpe:2.3:a:gradle:enterprise:2022.3.2