How severe is CVE-2023-26053?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2023-26053?

This is classified as CWE-829, which is a common weakness in software security.

CVE-2023-26053 - CRITICAL Severity | CVSS 9.8

Vulnerability Description

Gradle is a build tool with a focus on build automation and support for multi-language development. This is a collision attack on long IDs (64bits) for PGP keys. Users of dependency verification in Gradle are vulnerable if they use long IDs for PGP keys in a `trusted-key` or `pgp` element in their dependency verification metadata file. The fix is to fail dependency verification if anything but a fingerprint is used in a trust element in dependency verification metadata. The problem is fixed in Gradle 8.0 and above. The problem is also patched in Gradle 6.9.4 and 7.6.1. As a workaround, use only full fingerprint IDs for `trusted-key` or `pgp` element in the metadata is a protection against this issue.

Related Vulnerabilities

CVE-2004-0030

CRITICAL

CVSS:9.8(Critical)

PHP remote file inclusion vulnerability in (1) functions.php, (2) authentication_index.php, and (3) config_gedcom.php for PHPGEDVIEW 2.61 allows remote attackers to execute arbitrary PHP code by modif...

CWE-8292004

CVE-2004-0285

CRITICAL

CVSS:9.8(Critical)

PHP remote file inclusion vulnerabilities in include/footer.inc.php in (1) AllMyVisitors, (2) AllMyLinks, and (3) AllMyGuests allow remote attackers to execute arbitrary PHP code via a URL in the _AMV...

CWE-8292004

CVE-2010-2076

CRITICAL

CVSS:9.8(Critical)

Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not p...

CWE-8292010

CVE-2012-4919

CRITICAL

CVSS:9.8(Critical)

Gallery Plugin1.4 for WordPress has a Remote File Include Vulnerability

CWE-8292012

CVE-2017-1376

CRITICAL

CVSS:9.8(Critical)

A flaw in the IBM J9 VM class verifier allows untrusted code to disable the security manager and elevate its privileges. IBM X-Force ID: 126873.

CWE-8292017

CVE-2017-5397

CRITICAL

CVSS:9.8(Critical)

The cache directory on the local file system is set to be world writable. Firefox defaults to extracting libraries from this cache. This allows for the possibility of an installed malicious applicatio...

CWE-8292017