CVE-2021-41584
7.5 HIGHGradle Enterprise before 2021.1.3 can allow unauthorized viewing of a response (information disclosure of possibly sensitive build/config...
Published: 2021-09-24 · Last updated: 2026-06-17
Severity and scoring
- CVSS
- 7.5 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
| Vendor | Product |
|---|---|
| gradle | gradle |
Description
Gradle Enterprise before 2021.1.3 can allow unauthorized viewing of a response (information disclosure of possibly sensitive build/configuration details) via a crafted HTTP request with the X-Gradle-Enterprise-Ajax-Request header.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2021-41584
- [Vendor advisory]https://security.gradle.com/advisory/2021-02
- [Vendor advisory]https://security.gradle.com/advisory/2021-02
Related CVEs
Same vendor
- CVE-2021-41619 — An issue was discovered in Gradle Enterprise before 2021.1.2 (7.2 HIGH)
- CVE-2021-41590 — In Gradle Enterprise through 2021.3, probing of the server-side network environment can occur via an SMTP configuration test (5.3 MEDIUM)
- CVE-2021-41589 — In Gradle Enterprise before 2021.3 (and Enterprise Build Cache Node before 10.0), there is potential cache poisoning and remote code exec... (9.8 CRITICAL)
- CVE-2021-41588 — In Gradle Enterprise before 2021.1.3, a crafted request can trigger deserialization of arbitrary unsafe Java objects (8.1 HIGH)
- CVE-2021-41587 — In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially discover credentials for other... (7.5 HIGH)