Vulnerability Details : CVE-2021-41590
In Gradle Enterprise through 2021.3, probing of the server-side network environment can occur via an SMTP configuration test. The installation configuration user interface available to administrators allows testing the configured SMTP server settings. This test function can be used to identify the listening TCP ports available to the server, revealing information about the internal network environment.
Products affected by CVE-2021-41590
- cpe:2.3:a:gradle:enterprise:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-41590
- EPSS score: 0.21% (probability of exploitation activity in the next 30 days)
- Percentile: ~40% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2021-41590
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 | NIST | |
References for CVE-2021-41590
- https://security.gradle.com (Gradle Enterprise - Security Advisories | Gradle Inc.; Vendor Advisory)
- https://security.gradle.com/advisory/2021-07 (Gradle Enterprise - Security Advisories | Gradle Inc.; Vendor Advisory)