CVE-2023-35947 Overview
CVE-2023-35947 is a path traversal vulnerability affecting Gradle, a widely-used build automation tool supporting multi-language development. This vulnerability, commonly known as TarSlip (a variant of the well-known ZipSlip attack), occurs when Gradle unpacks Tar archives without properly validating that extracted files remain within the intended destination directory.
When processing malicious Tar archives containing path traversal sequences (such as ../), Gradle fails to validate entry names, allowing attackers to write files to arbitrary locations on the filesystem where the Gradle process has write permissions. This can lead to critical file overwrites, arbitrary file reads, and potential code execution through the compromise of build cache infrastructure.
Critical Impact
Attackers can overwrite critical system or application files, disclose sensitive information through arbitrary file reads, and potentially compromise CI/CD pipelines by injecting malicious entries into Gradle's remote build cache.
Affected Products
- Gradle versions prior to 7.6.2
- Gradle versions 8.0 through 8.1.x (prior to 8.2)
- Systems utilizing Gradle Build Cache with untrusted remote cache servers
Discovery Timeline
- 2023-06-30 - CVE-2023-35947 published to NVD
- 2025-04-11 - Last updated in NVD database
Technical Details for CVE-2023-35947
Vulnerability Analysis
This path traversal vulnerability (CWE-22) stems from Gradle's insufficient validation of Tar archive entry names during extraction operations. When Gradle processes Tar archives—whether from direct file operations or through its Build Cache mechanism—it does not verify that the resolved file paths remain within the intended extraction directory.
The vulnerability can be exploited through two primary attack surfaces:
Direct Tar Archive Processing: If a build script extracts Tar archives from untrusted sources, malicious entries with path traversal sequences can escape the target directory.
Build Cache Poisoning: Gradle's Build Cache uses Tar archives internally. An attacker with write access to a remote build cache server, or one capable of performing a man-in-the-middle attack between the cache and the build, can inject malicious cache entries containing path traversal payloads.
Root Cause
The root cause lies in Gradle's AbstractArchiveFileTreeElement and TarFileTree classes, which did not incorporate path traversal detection when resolving file destinations during Tar extraction. The entry names from Tar archives were used directly without sanitization, allowing relative path components like ../ to traverse outside the intended extraction directory.
Attack Vector
An attacker must either control or manipulate a Tar archive that Gradle processes during a build. This can occur through:
- Compromising an upstream dependency or artifact server that provides Tar archives
- Gaining write access to a remote Gradle Build Cache server
- Performing a man-in-the-middle attack on unencrypted connections to remote build caches
- Social engineering a developer to use a malicious Tar archive in their build
The following patches from the Gradle Security Advisory demonstrate the fix implementation:
import org.gradle.api.internal.file.AbstractFileTreeElement;
import org.gradle.internal.file.Chmod;
import org.gradle.util.internal.GFileUtils;
+import org.gradle.util.internal.ZipSlip;
import java.io.File;
import java.util.concurrent.atomic.AtomicBoolean;
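Review bot: the excerpt shows only the new import of org.gradle.util.internal.ZipSlip and not where it is used, so a reader cannot tell from this hunk which resolution of an entry name against the destination directory the helper guards. Include the call site that passes the entry name and the destination to the helper, so the containment check can be reviewed alongside the import.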
Source: GitHub Commit 1096b309
The fix introduces a ZipSlip helper class to validate archive entry names:
}
@Override
- protected String safeEntryName() {
+ protected String getEntryName() {
return entry.getName();
}
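Review bot: this hunk only renames the accessor, and the visible body still returns entry.getName() unmodified, so nothing here validates the name against the destination directory; note also that the removed line is safeEntryName() and the added one is getEntryName(), which reads as the opposite of a hardening rename. If the check lives in the caller of getEntryName(), include that caller in the excerpt, because as shown the hunk does not demonstrate the validation the surrounding text describes.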
Source: GitHub Commit 1096b309
The build cache packaging module was also updated to incorporate path traversal protection:
api(project(":files"))
implementation(project(":base-annotations"))
-
+ implementation(project(":wrapper-shared")) {
+ because("We need to access the ZipSlip helper class")
+ }
implementation(libs.guava)
implementation(libs.commonsCompress)
implementation(libs.commonsIo)
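Review bot: adding implementation(project(":wrapper-shared")) to the build-cache packaging module only to reach one helper class widens that module's dependency graph; the because("We need to access the ZipSlip helper class") rationale is good practice, but consider whether ZipSlip belongs in a smaller module this module already depends on, such as :files (api(project(":files")) is visible two lines up), so the wrapper module is not pulled onto the cache packaging classpath.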
Source: GitHub Commit 2e5c34d5
Detection Methods for CVE-2023-35947
Indicators of Compromise
- Unexpected file modifications outside of project directories during Gradle builds
- Files appearing in system directories (/etc/, /usr/, C:\Windows\) coinciding with build operations
- Build cache entries containing suspicious Tar archive entry names with ../ sequences
- Anomalous network traffic to remote build cache servers from untrusted sources
Detection Strategies
- Monitor Gradle build logs for unusual file write operations outside expected project paths
- Implement file integrity monitoring (FIM) on critical system files and directories during CI/CD builds
- Audit remote build cache access logs for unauthorized write operations or suspicious patterns
- Scan Tar archives processed by builds for entries containing path traversal sequences before extraction
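The containment check the fix adds, shown here as an added example in Python rather than Gradle's own Java, and not code from the Gradle project: is_safe_entry resolves each entry name against the destination directory (the check the Root Cause section says was missing), and find_traversal_entries applies it to every entry, including symlink targets, before anything is extracted, which is the pre-extraction scan recommended above. The sample archive and the destination path are constructed for the example.

```python
import io
import os
import posixpath
import tarfile


def is_safe_entry(dest_dir: str, entry_name: str) -> bool:
    """True if entry_name, resolved against dest_dir, stays inside dest_dir.
    This is the containment check the vulnerable code lacked."""
    dest = os.path.realpath(dest_dir)
    # Tar names use '/' separators, so normalise as a POSIX path first, then
    # resolve the joined path.  An absolute name makes os.path.join drop dest,
    # so it fails the check too; so does '../dest-evil/x' (shared prefix only).
    target = os.path.realpath(os.path.join(dest, posixpath.normpath(entry_name)))
    return target == dest or target.startswith(dest + os.sep)


def find_traversal_entries(tar_bytes: bytes, dest_dir: str) -> list:
    """Names of entries that would escape dest_dir; run this before extracting.
    Symlink targets are resolved relative to the link's own directory, since a
    link pointing outside dest_dir lets a later entry escape through it."""
    escaping = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for m in tar.getmembers():
            if not is_safe_entry(dest_dir, m.name):
                escaping.append(m.name)
            elif m.issym() and not is_safe_entry(
                    dest_dir, posixpath.join(posixpath.dirname(m.name), m.linkname)):
                escaping.append(m.name)
    return escaping


def sample_archive() -> bytes:
    """Constructed sample archive, not a real Gradle cache entry."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in [("./classes/Main.class", b"\xca\xfe\xba\xbe"),
                           ("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\n"),
                           ("../../../tmp/escaped.txt", b"outside the destination\n"),
                           ("classes/../../sibling.txt", b"benign-looking prefix\n")]:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
        link = tarfile.TarInfo("classes/escape")   # symlink to a path outside dest
        link.type, link.linkname = tarfile.SYMTYPE, "../../../tmp"
        tar.addfile(link)
    return buf.getvalue()
```

Running find_traversal_entries(sample_archive(), "/tmp/gradle-unpack") flags the two traversal names and the symlink while leaving the two ordinary entries alone.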
Monitoring Recommendations
- Deploy SentinelOne agents on build servers to detect and alert on anomalous file system activity during build processes
- Enable verbose logging for Gradle builds in CI/CD pipelines to capture detailed file operation records
- Implement network segmentation and monitoring for build cache infrastructure
- Use SentinelOne's behavioral AI to identify unusual process behavior patterns indicative of path traversal exploitation
How to Mitigate CVE-2023-35947
Immediate Actions Required
- Upgrade Gradle to version 7.6.2 or later for the 7.x branch, or version 8.2 or later for the 8.x branch
- Audit all Tar archives used in build processes for path traversal sequences before upgrading
- Restrict write access to remote build cache servers to trusted parties only
- Ensure all connections to remote build caches use TLS/HTTPS to prevent man-in-the-middle attacks
- Review CI/CD pipeline configurations for builds that process Tar archives from external sources
Patch Information
Gradle has released security patches in versions 7.6.2 and 8.2. The fix implements validation that rejects Tar archives containing path traversal elements in entry names. The patches introduce a ZipSlip helper class that checks for directory traversal attempts before allowing file extraction.
Relevant security commits: 1096b309 and 2e5c34d5 (excerpted above).
For additional details, refer to the Gradle Security Advisory GHSA-84mw-qh6q-v842 and the NetApp Security Advisory.
Workarounds
- There is no official workaround for this vulnerability; upgrading is the recommended remediation
- If upgrading is not immediately possible, manually inspect all Tar archives used in builds to verify they do not contain path traversal sequences
- Disable remote build cache functionality until the upgrade can be applied if cache integrity cannot be guaranteed
- Implement network-level controls to ensure only authenticated and encrypted connections to build cache servers
# Check the Gradle version the wrapper currently uses
./gradlew --version
# Upgrade the wrapper to a patched version: 7.6.2 on the 7.x line, 8.2 or later on 8.x
./gradlew wrapper --gradle-version 8.2
# Verify that the remote build cache connection uses HTTPS.
# In settings.gradle (Groovy DSL; the settings.gradle.kts form differs):
# buildCache {
#     remote(HttpBuildCache) {
#         url = 'https://your-secure-cache-server/cache/'
#         credentials {
#             username = System.getenv('BUILD_CACHE_USER')
#             password = System.getenv('BUILD_CACHE_PASSWORD')
#         }
#     }
# }
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.