Grails Cleartext HTTP Information Disclosure Vulnerability
A vulnerability in Grails could allow an unauthenticated, remote attacker to compromise or modify files on a targeted system.
The vulnerability exists because the affected software uses cleartext HTTP to resolve the SDKMan notification service. An attacker could exploit this vulnerability by performing a man-in-the-middle attack to compromise or modify files on the targeted system. A successful exploit could be used to conduct further attacks.
Proof-of-concept code that demonstrates an exploit of this vulnerability is available.
Grails has confirmed the vulnerability and released software updates.
Security Impact Rating: High