cvedb.io
CVE-2022-41574
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2022-10-07T21:15:12.090 · Last modified 2026-06-17T05:03:25.060

Summary

An access-control vulnerability in Gradle Enterprise 2022.4 through 2022.3.1 allows remote attackers to prevent backups from occurring, and send emails with arbitrary text content to the configured installation-administrator contact address, via HTTP access to an accidentally exposed internal endpoint. This is fixed in 2022.3.2.

Affected products

gradle — enterprise

Does this affect you?

Add your gear to cvedb and we'll alert you only when gradle ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.