Anyone using the Gradle build tool to resolve dependencies against a custom authenticated repository may be vulnerable.
Package org.gradle.api.artifacts.repositories. Interface PasswordCredentials.
The credentials plugin provides a parallel functionality to the 'gradle.properties' file to store and access credentials in an encrypted format through a 'gradle.encrypted.properties' files, thereby avoiding that credentials are ever stored in plain text. Properties. The credentials plugin provides a parallel functionality to the 'gradle.properties' file to store and access credentials in an encrypted format through a 'gradle.encrypted.properties' files, thereby avoiding that credentials are ever stored in plain text. If no credentials have been assigned to this repository, an empty set of username and password credentials is assigned to this repository and returned. Maven repositories which require Authentication can be used with gradle, but this just works with Basic Authentication and AWS S3.
All Superinterfaces: Credentials, PasswordCredentials. username: If you are using a different type of credentials than PasswordCredentials , please use getCredentials(Class) to obtain the credentials. Gradle may leak authentication data to third parties.
Write in Java, C++, Python or your language of choice. This is tracked by CVE-2019-15052. Gradle plugin to store and access encrypted credentials for use in Gradle builds. Go monorepo or multi-repo. This is an information disclosure vulnerability (CWE-522: Insufficiently Protected Credentials) for the Gradle Build tool. This works even with Bitbucket used as maven repository, but not for others, such as Gitlab. A username/password credentials that can be used to login to password-protected remote repository. Package for deployment on any platform. PasswordCredentials: A username/password credentials that can be used to login to password-protected remote repository. public interface PasswordCredentials extends PasswordCredentials. Property: Description: password: The password to use when authenticating to this repository. From mobile apps to microservices, from small startups to big enterprises, Gradle helps teams build, automate and deliver better software, faster.