All advisories

Build cache credentials are stored unencrypted at rest

Affected product(s)

Gradle Enterprise < 2018.5.3
Gradle Enterprise Build Cache Node < 6.0

Severity

High

Published at

2019-04-22

Related CVE ID(s)

CVE-2019-1140

Description

Build cache user credentials are stored unencrypted at the Gradle Enterprise server, and build cache nodes. An attacker gaining access to the server can obtain the passwords used to access the cache via the HTTP interface.

Mitigation

Upgrade to Gradle Enterprise 2018.5.3 and/or Gradle Enterprise Build Cache Node 6.0.