Security Advisory – Gradle Enterprise 2023.1 Update Resolves Default Password Security Issue

Gradle Enterprise versions prior to 2023.1 had a security issue where the initial system user password was a well-known default. This could allow unauthorized access if an attacker logged in before the administrator changed this password. The vulnerability, with moderate severity, is resolved in Gradle Enterprise 2023.1, which generates a unique initial password. Installations using the “unattended installation” method with a custom password were not affected. It’s recommended to upgrade to Gradle Enterprise 2023.1 or use the unattended installation process for earlier versions.

For more detailed information, please visit Gradle’s Security Advisory.