Potential probing of server side network environment via SMTP configuration test
Affected product(s)
- Gradle Enterprise 2020.4 < 2021.3
Severity
Moderate
Published at
2021-10-15
Related CVE ID(s)
Description
The installation configuration user interface available to administrators allows testing the configured SMTP server settings. This test function can be used to identify the listening TCP ports available to the server, revealing information about the internal network environment.
Mitigation
Upgrade to Gradle Enterprise 2021.3
Credit
Stephan Sekula <stephan.sekula@compass-security.com>