CVE-2021-41586

Name of the Vulnerable Software and Affected Versions Gradle Enterprise versions prior to 2021.1.3

Description The issue allows an attacker with the ability to perform Server-Side Request Forgery (SSRF) attacks to potentially reset the system user password. SSRF is a type of attack where an attacker can trick a server into making requests to internal or external resources, potentially leading to unauthorized access or data manipulation.

Recommendations For Gradle Enterprise versions prior to 2021.1.3, update to version 2021.1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the system to minimize the risk of exploitation.