Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
thoughtworks gocd vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2022-39310
GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions before 21.1.0 can allow one authenticated agent to impersonate another agent, and thus receive work packages for other ...
Thoughtworks Gocd
6.1
CVSSv3
CVE-2022-29183
GoCD is a continuous delivery server. GoCD versions 20.2.0 until 21.4.0 are vulnerable to reflected cross-site scripting via abuse of the pipeline comparison function's error handling to render arbitrary HTML into the returned page. This could allow an malicious user to tric...
Thoughtworks Gocd
5.9
CVSSv3
CVE-2022-39308
GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions from 19.2.0 to 19.10.0 (inclusive) are subject to a timing attack in validation of access tokens due to use of regular ...
Thoughtworks Gocd
5.5
CVSSv3
CVE-2022-36088
GoCD is a continuous delivery server. Windows installations via either the server or agent installers for GoCD before 22.2.0 do not adequately restrict permissions when installing outside of the default location. This could allow a malicious user with local access to the server G...
Thoughtworks Gocd
5.4
CVSSv3
CVE-2023-28629
GoCD is an open source continuous delivery server. GoCD versions prior to 23.1.0 are vulnerable to a stored XSS vulnerability, where pipeline configuration with a malicious pipeline label configuration can affect browser display of pipeline runs generated from that configuration....
Thoughtworks Gocd
5.4
CVSSv3
CVE-2022-29182
GoCD is a continuous delivery server. GoCD versions 19.11.0 up to and including 21.4.0 (inclusive) are vulnerable to a Document Object Model (DOM)-based cross-site scripting attack via a pipeline run's Stage Details > Graphs tab. It is possible for a malicious script on a...
Thoughtworks Gocd
5.4
CVSSv3
CVE-2021-43288
An issue exists in ThoughtWorks GoCD prior to 21.3.0. An attacker in control of a GoCD Agent can plant malicious JavaScript into a failed Job Report.
Thoughtworks Gocd
4.4
CVSSv3
CVE-2023-28630
GoCD is an open source continuous delivery server. In GoCD versions from 20.5.0 and below 23.1.0, if the server environment is not correctly configured by administrators to provide access to the relevant PostgreSQL or MySQL backup tools, the credentials for database access may be...
Thoughtworks Gocd
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2