CVE-2023-49238

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jan 9, 2024
Updated: Feb 16, 2024
CWE ID 521

Summary

CVE-2023-49238 is a vulnerability affecting Gradle Enterprise versions prior to 2023.1. The issue involves a non-unique initial system user password, which can allow a remote attacker to gain access to a new installation in certain scenarios. While the password must be changed upon the first login, there is a risk that an attacker could log in before the legitimate administrator, resulting in unauthorized access. This vulnerability poses a significant security risk and requires immediate attention from Gradle Enterprise users to apply the necessary patch or upgrade.
