PT-2021-23353 · Gradle · Gradle Enterprise

Stephan Sekula · Published 2021-10-27 · Updated 2022-07-12 · CVE-2021-41590

CVSS v3.1

5.3 Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Gradle Enterprise versions through 2021.3

Description

The issue allows probing of the server-side network environment via an SMTP configuration test. Administrators can test configured SMTP server settings through the installation configuration user interface, which can reveal information about the internal network environment by identifying listening TCP ports available to the server.

Recommendations

For versions through 2021.3, consider restricting access to the SMTP configuration test function to minimize the risk of internal network environment probing. As a temporary workaround, limit the use of the SMTP server settings testing feature until a patch is available.

Fix


Related Identifiers

CVE-2021-41590

Affected Products

Gradle Enterprise