nvd-json-data-feeds/CVE-2025/CVE-2025-248xx/CVE-2025-24858.json

{
  "id": "CVE-2025-24858",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2025-01-26T06:15:23.470",
  "lastModified": "2025-01-26T07:15:09.237",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Develocity (formerly Gradle Enterprise) before 2024.3.1 allows an attacker who has network access to a Develocity server to obtain the hashed password of the system user. The hash algorithm used by Develocity was chosen according to best practices for password storage and provides some protection against brute-force attempts. The applicable severity of this vulnerability depends on whether a Develocity server is accessible by external or unauthorized users, and the complexity of the System User password."
    },
    {
      "lang": "es",
      "value": "Develocity (anteriormente Gradle Enterprise) antes de la versi\u00f3n 2024.3.1 permite que un atacante que tenga acceso de red a un servidor de Develocity obtenga la contrase\u00f1a cifrada del usuario sistema. El algoritmo de cifrado utilizado por Develocity se eligi\u00f3 de acuerdo con las mejores pr\u00e1cticas para el almacenamiento de contrase\u00f1as y brinda cierta protecci\u00f3n contra intentos de ataque por fuerza bruta. La gravedad aplicable de esta vulnerabilidad depende de si un servidor de Develocity es accesible por usuarios externos o no autorizados y de la complejidad de la contrase\u00f1a del usuario System."
    }
  ],
  "metrics": {
    "cvssMetricV40": [
      {
        "source": "cve@mitre.org",
        "type": "Secondary",
        "cvssData": {
          "version": "4.0",
          "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "baseScore": 8.3,
          "baseSeverity": "HIGH",
          "attackVector": "NETWORK",
          "attackComplexity": "HIGH",
          "attackRequirements": "NONE",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "LOW",
          "vulnAvailabilityImpact": "LOW",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "subAvailabilityImpact": "NONE",
          "exploitMaturity": "NOT_DEFINED",
          "confidentialityRequirement": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "availabilityRequirement": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "valueDensity": "NOT_DEFINED",
          "vulnerabilityResponseEffort": "NOT_DEFINED",
          "providerUrgency": "NOT_DEFINED"
        }
      }
    ]
  },
  "weaknesses": [
    {
      "source": "cve@mitre.org",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-201"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://security.gradle.com/advisory/2025-01",
      "source": "cve@mitre.org"
    }
  ]
}