Tag
#gradle
CVE-2019-11403: 2018.5
In Gradle Enterprise before 2018.5.2, Build Cache Nodes would reflect the configured password back when viewing the HTML page source of the settings page.
CVE-2019-11402: 2018.5
In Gradle Enterprise before 2018.5.3, Build Cache Nodes did not store the credentials at rest in an encrypted format.
CVE-2019-11065: Use HTTPS for GoogleAPIs repository by lacasseio · Pull Request #8927 · gradle/gradle
Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.googleapis.com web site.