CVE-2022-23630

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-23630

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-23630.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-23630

Aliases

BIT-gradle-2022-23630
GHSA-9pf5-88jw-3qgr

Related

UBUNTU-CVE-2022-23630

Published

2022-02-10T20:15:07Z

Modified

2024-10-12T09:23:51.436771Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, Gradle may skip that verification and accept a dependency that would otherwise fail the build as an untrusted external artifact. This occurs when dependency verification is disabled on one or more configurations and those configurations have common dependencies with other configurations that have dependency verification enabled. If the configuration that has dependency verification disabled is resolved first, Gradle does not verify the common dependencies for the configuration that has dependency verification enabled. Gradle 7.4 fixes that issue by validating artifacts at least once if they are present in a resolved configuration that has dependency verification active. For users who cannot update either do not use ResolutionStrategy.disableDependencyVerification() and do not use plugins that use that method to disable dependency verification for a single configuration or make sure resolution of configuration that disable that feature do not happen in builds that resolve configuration where the feature is enabled.

References

Affected packages

Git / github.com/gradle/gradle

Affected ranges

Type: GIT
Repo: https://github.com/gradle/gradle
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

88ab9b652933bc3b2e3161b31ad8b8f4f0516351

Affected versions

REL-0.*

REL-0.8

REL-0.9-preview-1

REL-0.9-preview-2

REL-0.9-preview-3

REL-0.9-rc-1

REL_0.*

REL_0.9

REL_0.9-rc-2

REL_0.9-rc-3

REL_0.9.1

REL_0.9.2

REL_1.*

REL_1.0

REL_1.0-milestone-1

REL_1.0-milestone-2

REL_1.0-milestone-3

REL_1.0-milestone-4

REL_1.0-milestone-5

REL_1.0-milestone-6

REL_1.0-milestone-7

REL_1.0-milestone-8

REL_1.0-milestone-8a

REL_1.0-milestone-9

REL_1.0-rc-1

REL_1.0-rc-2

REL_1.0-rc-3

REL_1.1

REL_1.1-rc-1

REL_1.1-rc-2

REL_1.10

REL_1.10-rc-1

REL_1.10-rc-2

REL_1.11

REL_1.11-rc-1

REL_1.12

REL_1.12-rc-1

REL_1.12-rc-2

REL_1.2

REL_1.2-rc-1

REL_1.3

REL_1.3-rc-1

REL_1.3-rc-2

REL_1.4

REL_1.4-rc-1

REL_1.4-rc-2

REL_1.4-rc-3

REL_1.5

REL_1.5-rc-1

REL_1.5-rc-2

REL_1.5-rc-3

REL_1.6

REL_1.6-rc-1

REL_1.7

REL_1.7-rc-1

REL_1.7-rc-2

REL_1.8

REL_1.8-rc-1

REL_1.8-rc-2

REL_1.9

REL_1.9-rc-1

REL_1.9-rc-2

REL_1.9-rc-3

REL_1.9-rc-4

REL_2.*

REL_2.0

REL_2.0-rc-1

REL_2.0-rc-2

REL_2.1

REL_2.1-rc-1

REL_2.1-rc-2

REL_2.1-rc-3

REL_2.1-rc-4

REL_2.10

REL_2.10-rc-1

REL_2.10-rc-2

REL_2.11

REL_2.11-rc-1

REL_2.11-rc-2

REL_2.11-rc-3

REL_2.12

REL_2.12-rc-1

REL_2.13

REL_2.13-rc-1

REL_2.13-rc-2

REL_2.14

REL_2.14-rc-1

REL_2.14-rc-2

REL_2.14-rc-3

REL_2.14-rc-4

REL_2.14-rc-5

REL_2.14-rc-6

REL_2.14.1

REL_2.14.1-rc-1

REL_2.14.1-rc-2

REL_2.2

REL_2.2-rc-1

REL_2.2-rc-2

REL_2.2.1

REL_2.2.1-rc-1

REL_2.3

REL_2.3-rc-1

REL_2.3-rc-2

REL_2.3-rc-3

REL_2.3-rc-4

REL_2.4

REL_2.4-rc-1

REL_2.4-rc-2

REL_2.5

REL_2.5-rc-1

REL_2.5-rc-2

REL_2.6

REL_2.6-rc-1

REL_2.6-rc-2

REL_2.7

REL_2.7-rc-1

REL_2.7-rc-2

REL_2.8

REL_2.8-rc-1

REL_2.8-rc-2

REL_2.9

REL_2.9-rc-1

REL_3.*

REL_3.0

REL_3.0-milestone-1

REL_3.0-milestone-2

REL_3.0-rc-1

REL_3.0-rc-2

REL_3.1

REL_3.1-rc-1

REL_3.2

REL_3.2-rc-1

REL_3.2-rc-2

REL_3.2-rc-3

REL_3.2.1

REL_3.3

REL_3.3-rc-1

REL_3.4

REL_3.4-rc-2

REL_3.4-rc-3

REL_3.4.1

REL_3.5

REL_3.5-rc-1

REL_3.5-rc-2

REL_3.5-rc-3

REL_3.5.1

REL_4.*

REL_4.0

REL_4.0-milestone-1

REL_4.0-milestone-2

REL_4.0-rc-1

REL_4.0-rc-2

REL_4.0-rc-3

REL_4.0.1

REL_4.0.2

REL_4.1

REL_4.1-milestone-1

REL_4.1-rc-1

REL_4.1-rc-2

REL_4.2

REL_4.2-rc-1

REL_4.2-rc-2

REL_4.2.1

REL_4.3

REL_4.3-rc-1

REL_4.3-rc-2

REL_4.3-rc-3

REL_4.3-rc-4

REL_4.3.1

REL_4.4

REL_4.4-rc-1

REL_4.4-rc-2

REL_4.4-rc-3

REL_4.4-rc-4

REL_4.4-rc-5

REL_4.4-rc-6

v0.*

v0.8.0

v0.9.0

v0.9.0-RC1

v0.9.0-RC2

v0.9.0-RC3

v0.9.1

v0.9.2

v1.*

v1.0.0

v1.0.0-M1

v1.0.0-M2

v1.0.0-M3

v1.0.0-M4

v1.0.0-M5

v1.0.0-M6

v1.0.0-M7

v1.0.0-M8

v1.0.0-M8a

v1.0.0-M9

v1.0.0-RC1

v1.0.0-RC2

v1.0.0-RC3

v1.1.0

v1.1.0-RC1

v1.1.0-RC2

v1.10.0

v1.10.0-RC1

v1.10.0-RC2

v1.11.0

v1.11.0-RC1

v1.12.0

v1.12.0-RC1

v1.12.0-RC2

v1.2.0

v1.2.0-RC1

v1.3.0

v1.3.0-RC1

v1.3.0-RC2

v1.4.0

v1.4.0-RC1

v1.4.0-RC2

v1.4.0-RC3

v1.5.0

v1.5.0-RC1

v1.5.0-RC2

v1.5.0-RC3

v1.6.0

v1.6.0-RC1

v1.7.0

v1.7.0-RC1

v1.7.0-RC2

v1.8.0

v1.8.0-RC1

v1.8.0-RC2

v1.9.0

v1.9.0-RC1

v1.9.0-RC2

v1.9.0-RC3

v1.9.0-RC4

v2.*

v2.0.0

v2.0.0-RC1

v2.0.0-RC2

v2.1.0

v2.1.0-RC1

v2.1.0-RC2

v2.1.0-RC3

v2.1.0-RC4

v2.10.0

v2.10.0-RC1

v2.10.0-RC2

v2.11.0

v2.11.0-RC1

v2.11.0-RC2

v2.11.0-RC3

v2.12.0

v2.12.0-RC1

v2.13.0

v2.13.0-RC1

v2.13.0-RC2

v2.14.0

v2.14.0-RC1

v2.14.0-RC2

v2.14.0-RC3

v2.14.0-RC4

v2.14.0-RC5

v2.14.0-RC6

v2.14.1

v2.14.1-RC1

v2.14.1-RC2

v2.2.0

v2.2.0-RC1

v2.2.0-RC2

v2.2.1

v2.2.1-RC1

v2.3.0

v2.3.0-RC1

v2.3.0-RC2

v2.3.0-RC3

v2.3.0-RC4

v2.4.0

v2.4.0-RC1

v2.4.0-RC2

v2.5.0

v2.5.0-RC1

v2.5.0-RC2

v2.6.0

v2.6.0-RC1

v2.6.0-RC2

v2.7.0

v2.7.0-RC1

v2.7.0-RC2

v2.8.0

v2.8.0-RC1

v2.8.0-RC2

v2.9.0

v2.9.0-RC1

v3.*

v3.0.0

v3.0.0-M1

v3.0.0-M2

v3.0.0-RC1

v3.0.0-RC2

v3.1.0

v3.1.0-RC1

v3.2.0

v3.2.0-RC1

v3.2.0-RC2

v3.2.0-RC3

v3.2.1

v3.3.0

v3.3.0-RC1

v3.4.0

v3.4.0-RC1

v3.4.0-RC2

v3.4.0-RC3

v3.4.1

v3.5.0

v3.5.0-RC1

v3.5.0-RC2

v3.5.0-RC3

v3.5.1

v4.*

v4.0.0

v4.0.0-M1

v4.0.0-M2

v4.0.0-RC1

v4.0.0-RC2

v4.0.0-RC3

v4.0.0-milestone-1

v4.0.1

v4.0.2

v4.1.0

v4.1.0-M1

v4.1.0-RC1

v4.1.0-RC2

v4.10.0

v4.10.0-RC1

v4.10.0-RC2

v4.10.0-RC3

v4.10.1

v4.10.2

v4.2.0

v4.2.0-RC1

v4.2.0-RC2

v4.2.1

v4.3.0

v4.3.0-RC1

v4.3.0-RC2

v4.3.0-RC3

v4.3.0-RC4

v4.3.1

v4.4.0

v4.4.0-RC1

v4.4.0-RC2

v4.4.0-RC3

v4.4.0-RC4

v4.4.0-RC5

v4.4.0-RC6

v4.4.1

v4.5.0

v4.5.0-RC1

v4.5.0-RC2

v4.5.1

v4.6.0

v4.6.0-RC1

v4.6.0-RC2

v4.7.0

v4.7.0-RC1

v4.7.0-RC2

v4.8.0

v4.8.0-RC1

v4.8.0-RC2

v4.8.0-RC3

v4.8.1

v4.9.0

v4.9.0-RC1

v4.9.0-RC2

v5.*

v5.0.0

v5.0.0-M1

v5.0.0-RC1

v5.0.0-RC2

v5.0.0-RC3

v5.0.0-RC4

v5.0.0-RC5

v5.1.0

v5.1.0-M1

v5.1.0-RC1

v5.1.0-RC2

v5.1.0-RC3

v5.1.1

v5.2.0

v5.2.0-RC1

v5.2.1

v5.3.0

v5.3.0-RC1

v5.3.0-RC2

v5.3.0-RC3

v5.3.1

v5.4.0

v5.4.0-RC1

v5.4.1

v5.5.0

v5.5.0-RC1

v5.5.0-RC2

v5.5.0-RC3

v5.5.0-RC4

v5.5.1

v5.6.0

v5.6.0-RC1

v5.6.0-RC2

v5.6.1

v5.6.2

v5.6.3

v5.6.4

v6.*

v6.0.0

v6.0.0-RC1

v6.0.0-RC2

v6.0.0-RC3

v6.0.1

v6.1.0

v6.1.0-M1

v6.1.0-M2

v6.1.0-M3

v6.1.0-RC1

v6.1.0-RC2

v6.1.0-RC3

v6.1.1

v6.2.0

v6.2.0-RC1

v6.2.0-RC2

v6.2.0-RC3

v6.2.1

v6.2.2

v6.3.0

v6.3.0-RC1

v6.3.0-RC2

v6.3.0-RC3

v6.3.0-RC4

v6.4.0

v6.4.0-RC1

v6.4.0-RC2

v6.4.0-RC3

v6.4.0-RC4

v6.4.1

v6.5.0

v6.5.0-M1

v6.5.0-M2

v6.5.0-RC1

v6.5.1

v6.6.0

v6.6.0-M1

v6.6.0-M2

v6.6.0-M3

v6.6.0-RC1

v6.6.0-RC2

v6.6.0-RC3

v6.6.0-RC4

v6.6.0-RC5

v6.6.0-RC6

v6.6.1

v6.7.0

v6.7.0-RC1

v6.7.0-RC2

v6.7.0-RC3

v6.7.0-RC4

v6.7.0-RC5

v6.7.1

v6.8.0

v6.8.0-M1

v6.8.0-M2

v6.8.0-M3

v6.8.0-RC1

v6.8.0-RC2

v6.8.0-RC3

v6.8.0-RC4

v6.8.0-RC5

v6.8.1

v6.8.2

v6.8.3

v7.*

v7.0.0

v7.0.0-M1

v7.0.0-M2

v7.0.0-M3

v7.0.0-RC1

v7.0.0-RC2

v7.0.1

v7.0.2

v7.1.0

v7.1.0-RC1

v7.1.0-RC2

v7.1.1

v7.2.0

v7.2.0-RC1

v7.2.0-RC2

v7.2.0-RC3

v7.3.0

v7.3.0-RC1

v7.3.0-RC2

v7.3.0-RC3

v7.3.0-RC4

v7.3.0-RC5

v7.3.1

v7.3.2

v7.3.3

v7.3.3-RC1

v7.4.0-RC1