Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
thoughtworks gocd 21.3.0 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-43290
An issue exists in ThoughtWorks GoCD prior to 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into a directory of a GoCD server. They can control the filename but the directory is placed inside of a directory that they can't control.
Thoughtworks Gocd
9.8
CVSSv3
CVE-2021-44659
Adding a new pipeline in GoCD server version 21.3.0 has a functionality that could be abused to do an un-intended action in order to achieve a Server Side Request Forgery (SSRF). NOTE: the vendor's position is that the observed behavior is not a vulnerability, because the pr...
Thoughtworks Gocd 21.3.0
8.8
CVSSv3
CVE-2021-43286
An issue exists in ThoughtWorks GoCD prior to 21.3.0. An attacker with privileges to create a new pipeline on a GoCD server can abuse a command-line injection in the Git URL "Test Connection" feature to execute arbitrary code.
Thoughtworks Gocd
7.5
CVSSv3
CVE-2021-43289
An issue exists in ThoughtWorks GoCD prior to 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into an arbitrary directory of a GoCD server, but does not control the filename.
Thoughtworks Gocd
7.5
CVSSv3
CVE-2021-43287
An issue exists in ThoughtWorks GoCD prior to 21.3.0. The business continuity add-on, which is enabled by default, leaks all secrets known to the GoCD server to unauthenticated attackers.
Thoughtworks Gocd
2 Github repositories
5.4
CVSSv3
CVE-2021-43288
An issue exists in ThoughtWorks GoCD prior to 21.3.0. An attacker in control of a GoCD Agent can plant malicious JavaScript into a failed Job Report.
Thoughtworks Gocd
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started