exploitDog

CVE-2023-49238

Опубликовано: 09 янв. 2024

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation (in certain installation scenarios) because of a non-unique initial system user password. Although this password must be changed upon the first login, it is possible that an attacker logs in before the legitimate administrator logs in.

Ссылки

https://security.gradle.com
Vendor Advisory
https://security.gradle.com/advisory/2023-01
Vendor Advisory
https://security.netapp.com/advisory/ntap-20240216-0003/
https://security.gradle.com
Vendor Advisory
https://security.gradle.com/advisory/2023-01
Vendor Advisory
https://security.netapp.com/advisory/ntap-20240216-0003/

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gradle:enterprise:*:*:*:*:*:*:*:*

Версия до 2023.1 (исключая)

EPSS

Процентиль: 74%

0.00822

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-521

CWE-521

Связанные уязвимости

GHSA-4766-3xqh-rp5x

CVSS3: 9.8

github

около 2 лет назад

In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation (in certain installation scenarios) because of a non-unique initial system user password. Although this password must be changed upon the first login, it is possible that an attacker logs in before the legitimate administrator logs in.

EPSS

Процентиль: 74%

0.00822

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-521

CWE-521