Unauthenticated Remote Code Execution in Gradle Enterprise (before 2022.1)

Unauthenticated Remote Code Execution in Gradle Enterprise (before 2022.1)

CVE-2022-27919 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not specify an initial configuration file. The configuration allows certain anonymous access to administration and an API.

Learn more about our Api Penetration Testing.