CVE-2021-41590
5.3 MEDIUMIn Gradle Enterprise through 2021.3, probing of the server-side network environment can occur via an SMTP configuration test
Published: 2021-10-27 · Last updated: 2026-06-17
Severity and scoring
- CVSS
- 5.3 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected products
| Vendor | Product |
|---|---|
| gradle | enterprise |
Description
In Gradle Enterprise through 2021.3, probing of the server-side network environment can occur via an SMTP configuration test. The installation configuration user interface available to administrators allows testing the configured SMTP server settings. This test function can be used to identify the listening TCP ports available to the server, revealing information about the internal network environment.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2021-41590
- [Vendor advisory]https://security.gradle.com
- [Vendor advisory]https://security.gradle.com/advisory/2021-07
- [Vendor advisory]https://security.gradle.com
- [Vendor advisory]https://security.gradle.com/advisory/2021-07
Related CVEs
Same vendor
- CVE-2021-41619 — An issue was discovered in Gradle Enterprise before 2021.1.2 (7.2 HIGH)
- CVE-2021-41589 — In Gradle Enterprise before 2021.3 (and Enterprise Build Cache Node before 10.0), there is potential cache poisoning and remote code exec... (9.8 CRITICAL)
- CVE-2021-41588 — In Gradle Enterprise before 2021.1.3, a crafted request can trigger deserialization of arbitrary unsafe Java objects (8.1 HIGH)
- CVE-2021-41587 — In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially discover credentials for other... (7.5 HIGH)
- CVE-2021-41586 — In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially reset the system user password (7.5 HIGH)