Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
thoughtworks gocd vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-39311
GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions before 21.1.0 are vulnerable to remote code execution on the server from a malicious or compromised agent. The Spring R...
Thoughtworks Gocd
4.3
CVSSv2
CVE-2022-29182
GoCD is a continuous delivery server. GoCD versions 19.11.0 up to and including 21.4.0 (inclusive) are vulnerable to a Document Object Model (DOM)-based cross-site scripting attack via a pipeline run's Stage Details > Graphs tab. It is possible for a malicious script on a...
Thoughtworks Gocd
6.5
CVSSv2
CVE-2022-29184
GoCD is a continuous delivery server. In GoCD versions before 22.1.0, it is possible for existing authenticated users who have permissions to edit or create pipeline materials or pipeline configuration repositories to get remote code execution capability on the GoCD server via co...
Thoughtworks Gocd
NA
CVE-2022-39310
GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions before 21.1.0 can allow one authenticated agent to impersonate another agent, and thus receive work packages for other ...
Thoughtworks Gocd
NA
CVE-2022-39309
GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions before 21.1.0 leak the symmetric key used to encrypt/decrypt any secure variables/secrets in GoCD configuration to auth...
Thoughtworks Gocd
NA
CVE-2022-36088
GoCD is a continuous delivery server. Windows installations via either the server or agent installers for GoCD before 22.2.0 do not adequately restrict permissions when installing outside of the default location. This could allow a malicious user with local access to the server G...
Thoughtworks Gocd
4.9
CVSSv2
CVE-2022-24832
GoCD is an open source a continuous delivery server. The bundled gocd-ldap-authentication-plugin included with the GoCD Server fails to correctly escape special characters when using the username to construct LDAP queries. While this does not directly allow arbitrary LDAP data ex...
Thoughtworks Gocd
7.5
CVSSv2
CVE-2021-44659
Adding a new pipeline in GoCD server version 21.3.0 has a functionality that could be abused to do an un-intended action in order to achieve a Server Side Request Forgery (SSRF). NOTE: the vendor's position is that the observed behavior is not a vulnerability, because the pr...
Thoughtworks Gocd 21.3.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2