Build cache credentials are stored unencrypted at rest
- Gradle Enterprise < 2018.5.3
- Gradle Enterprise Build Cache Node < 6.0
Related CVE ID(s)
Build cache user credentials are stored unencrypted at the Gradle Enterprise server, and build cache nodes. An attacker gaining access to the server can obtain the passwords used to access the cache via the HTTP interface.
Upgrade to Gradle Enterprise 2018.5.3 and/or Gradle Enterprise Build Cache Node 6.0.