.
All advisories

Potential probing of server side network environment via SMTP configuration test

Affected product(s)

  • Gradle Enterprise 2020.4 < 2021.3

Severity

Moderate

Published at

2021-10-15

Related CVE ID(s)

Description

The installation configuration user interface available to administrators allows testing the configured SMTP server settings. This test function can be used to identify the listening TCP ports available to the server, revealing information about the internal network environment.

Mitigation

Upgrade to Gradle Enterprise 2021.3

Credit

Stephan Sekula <stephan.sekula@compass-security.com>