CVE-2022-27919
First published: Fri Mar 25 2022(Updated: )
Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not specify an initial configuration file. The configuration allows certain anonymous access to administration and an API.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Gradle Enterprise | >=2020.4<=2021.4.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-27919?
CVE-2022-27919 is a vulnerability in Gradle Enterprise that allows remote code execution if the installation process did not specify an initial configuration file.
How severe is CVE-2022-27919?
CVE-2022-27919 has a severity rating of 9.8, which is considered critical.
How does CVE-2022-27919 occur?
CVE-2022-27919 occurs when the installation process of Gradle Enterprise does not provide an initial configuration file, which allows for remote code execution.
What is the affected software?
The affected software is Gradle Enterprise versions between 2020.4 and 2021.4.3.
How can I fix CVE-2022-27919?
To fix CVE-2022-27919, update Gradle Enterprise to version 2022.1 or later.
- collector/nvd-api
- collector/nvd-index
- agent/author
- agent/references
- agent/weakness
- agent/severity
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/gradle
- canonical/gradle enterprise
- version/gradle enterprise/2020.4
- version/gradle enterprise/2021.4.3