Gradle Plugin Publishing
By the Year
In 2024 there have been 0 vulnerabilities in Gradle Plugin Publishing . Plugin Publishing did not have any published security vulnerabilities last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 0 | 0.00 |
2022 | 0 | 0.00 |
2021 | 0 | 0.00 |
2020 | 1 | 6.50 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Plugin Publishing vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Gradle Plugin Publishing Security Vulnerabilities
All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File
CVE-2020-7599
6.5 - Medium
- March 30, 2020
All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File. When a plugin author publishes a Gradle plugin while running Gradle with the --info log level flag, the Gradle Logger logs an AWS pre-signed URL. If this build log is publicly visible (as it is in many popular public CI systems like TravisCI) this AWS pre-signed URL would allow a malicious actor to replace a recently uploaded plugin with their own.
Insertion of Sensitive Information into Log File
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Gradle Plugin Publishing or by Gradle? Click the Watch button to subscribe.