CVE-2023-49238
CRITICAL 9.8
Description
In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation (in certain installation scenarios) because of a non-unique initial system user password. Although this password must be changed upon the first login, it is possible that an attacker logs in before the legitimate administrator logs in.
CVE details
CVSS v3.1 score: 9.8
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 1/9/2024
Last modified: 6/17/2025
Source: nvd
Honeypot sightings: 0
Affected products
gradle:enterprise
Weaknesses (CWE)
CWE-521
References
https://security.gradle.com (cve@mitre.org)
https://security.gradle.com/advisory/2023-01 (cve@mitre.org)
https://security.netapp.com/advisory/ntap-20240216-0003/ (cve@mitre.org)
https://security.gradle.com (af854a3a-2127-422b-91ae-364da2661108)
https://security.gradle.com/advisory/2023-01 (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20240216-0003/ (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.