CVE-2021-41590 — MEDIUM (5.3)

Q: How severe is CVE-2021-41590?

CVE-2021-41590 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-41590?

Check the references section above for vendor advisories and patch information. Affected products include: Gradle Enterprise.

Vulnerability Description

In Gradle Enterprise through 2021.3, probing of the server-side network environment can occur via an SMTP configuration test. The installation configuration user interface available to administrators allows testing the configured SMTP server settings. This test function can be used to identify the listening TCP ports available to the server, revealing information about the internal network environment.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Gradle	Enterprise	>= 2020.4, < 2021.3

References

https://security.gradle.comVendor Advisory
https://security.gradle.com/advisory/2021-07Vendor Advisory
https://security.gradle.comVendor Advisory
https://security.gradle.com/advisory/2021-07Vendor Advisory

FAQ

What is CVE-2021-41590?

CVE-2021-41590 is a vulnerability with a CVSS score of 5.3 (MEDIUM). In Gradle Enterprise through 2021.3, probing of the server-side network environment can occur via an SMTP configuration test. The installation configuration user interface available to administrators ...

How severe is CVE-2021-41590?

CVE-2021-41590 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-41590?

Check the references section above for vendor advisories and patch information. Affected products include: Gradle Enterprise.