Vulnerability Description
In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation (in certain installation scenarios) because of a non-unique initial system user password. Although this password must be changed upon the first login, it is possible that an attacker logs in before the legitimate administrator logs in.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gradle | Enterprise | < 2023.1 |
Related Weaknesses (CWE)
References
- https://security.gradle.com (Vendor Advisory)
- https://security.gradle.com/advisory/2023-01 (Vendor Advisory)
- https://security.netapp.com/advisory/ntap-20240216-0003/
FAQ
What is CVE-2023-49238?
CVE-2023-49238 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation (in certain installation scenarios) because of a non-unique initial system user password. Althoug...
How severe is CVE-2023-49238?
CVE-2023-49238 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-49238?
Check the references section above for vendor advisories and patch information. Affected products include: Gradle Enterprise.