In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation (in certain installation scenarios) because of a non-unique initial system user password. Although this password must be changed upon the first login, it is possible that an attacker logs in before the legitimate administrator logs in.
References
Link | Resource |
---|---|
https://security.gradle.com | Vendor Advisory |
https://security.gradle.com/advisory/2023-01 | Vendor Advisory |
https://security.netapp.com/advisory/ntap-20240216-0003/ |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2024-01-09T00:00:00
Updated: 2024-02-16T13:05:59.196252
Reserved: 2023-11-24T00:00:00
Link: CVE-2023-49238
JSON object: View
NVD Information
Status : Modified
Published: 2024-01-09T02:15:44.837
Modified: 2024-02-16T13:15:09.633
Link: CVE-2023-49238
JSON object: View
Redhat Information
No data.
CWE