Local user login is susceptible to brute force password guessing

Affected product(s)

  • Gradle Enterprise 2018.5

Severity

Moderate

Related CVE ID(s)

Description

An attacker can potentially make repeated attempts to guess a local user's password, due to lack of lock-out after excessive failed logins.

Mitigation

Upgrade to Gradle Enterprise 2020.2.5.

Credit

This issue was responsibly reported by Compass Security.