In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation (in certain installation scenarios) because of a non-unique initial system user password. Although this password must be changed upon the first login, it is possible that an attacker logs in before the legitimate administrator logs in.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-01-09T00:00:00

Updated: 2024-08-27T16:07:41.010Z

Reserved: 2023-11-24T00:00:00

Link: CVE-2023-49238

cve-icon Vulnrichment

Updated: 2024-08-02T21:53:45.499Z

cve-icon NVD

Status : Modified

Published: 2024-01-09T02:15:44.837

Modified: 2024-11-21T08:33:05.747

Link: CVE-2023-49238

cve-icon Redhat

No data.