Exposure of HTTP proxy password in the Gradle Enterprise administration user interface

Gradle Enterprise can be configured to use an HTTP proxy for all outbound HTTP/HTTPS requests, which may include access credentials. From Gradle Enterprise 2022.3.3 through 2022.3.4, the administration user interface incorrectly reflected the configured password in plaintext. The credentials could be used by an attacker to send HTTP requests through the associated proxy server.

Gradle Enterprise installations not using an HTTP proxy with authentication configured are unaffected. Installations with the HTTP proxy authentication configuration provided in an encrypted format via the Gradle Enterprise unattended configuration mechanism are also unaffected.