thoughtworks gocd 21.3.0 vulnerabilities and exploits

(subscribe to this query)

7.5

CVSSv2

An issue exists in ThoughtWorks GoCD prior to 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into a directory of a GoCD server. They can control the filename but the directory is placed inside of a directory that they can't control.

Thoughtworks Gocd

7.5

CVSSv2

Adding a new pipeline in GoCD server version 21.3.0 has a functionality that could be abused to do an un-intended action in order to achieve a Server Side Request Forgery (SSRF). NOTE: the vendor's position is that the observed behavior is not a vulnerability, because the pr...

Thoughtworks Gocd 21.3.0

6.5

CVSSv2

An issue exists in ThoughtWorks GoCD prior to 21.3.0. An attacker with privileges to create a new pipeline on a GoCD server can abuse a command-line injection in the Git URL "Test Connection" feature to execute arbitrary code.

Thoughtworks Gocd

5

CVSSv2

An issue exists in ThoughtWorks GoCD prior to 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into an arbitrary directory of a GoCD server, but does not control the filename.

Thoughtworks Gocd

5

CVSSv2

An issue exists in ThoughtWorks GoCD prior to 21.3.0. The business continuity add-on, which is enabled by default, leaks all secrets known to the GoCD server to unauthenticated attackers.

Thoughtworks Gocd

2 Github repositories

3.5

CVSSv2

An issue exists in ThoughtWorks GoCD prior to 21.3.0. An attacker in control of a GoCD Agent can plant malicious JavaScript into a failed Job Report.

Thoughtworks Gocd

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook