CVE-2021-41590
First published: Wed Oct 27 2021(Updated: )
In Gradle Enterprise through 2021.3, probing of the server-side network environment can occur via an SMTP configuration test. The installation configuration user interface available to administrators allows testing the configured SMTP server settings. This test function can be used to identify the listening TCP ports available to the server, revealing information about the internal network environment.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Gradle Enterprise | >=2020.4<2021.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2021-41590?
CVE-2021-41590 is a vulnerability in Gradle Enterprise that allows probing of the server-side network environment via an SMTP configuration test.
How can the CVE-2021-41590 vulnerability be exploited?
The CVE-2021-41590 vulnerability can be exploited by using the test function in the installation configuration user interface to identify the server's SMTP server settings.
What is the severity of CVE-2021-41590?
The severity of CVE-2021-41590 is medium with a CVSS score of 5.3.
How do I fix CVE-2021-41590?
To fix CVE-2021-41590, update Gradle Enterprise to version 2021.3 or later.
Where can I find more information about CVE-2021-41590?
More information about CVE-2021-41590 can be found at the official Gradle Enterprise security advisory page: https://security.gradle.com/advisory/2021-07.
- collector/nvd-index
- agent/references
- agent/author
- agent/severity
- agent/type
- agent/tags
- agent/event
- agent/description
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/gradle
- canonical/gradle enterprise
- version/gradle enterprise/2020.4