Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
thoughtworks gocd vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2021-43288
An issue exists in ThoughtWorks GoCD prior to 21.3.0. An attacker in control of a GoCD Agent can plant malicious JavaScript into a failed Job Report.
Thoughtworks Gocd
7.5
CVSSv3
CVE-2021-43289
An issue exists in ThoughtWorks GoCD prior to 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into an arbitrary directory of a GoCD server, but does not control the filename.
Thoughtworks Gocd
9.8
CVSSv3
CVE-2021-43290
An issue exists in ThoughtWorks GoCD prior to 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into a directory of a GoCD server. They can control the filename but the directory is placed inside of a directory that they can't control.
Thoughtworks Gocd
6.5
CVSSv3
CVE-2022-39310
GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions before 21.1.0 can allow one authenticated agent to impersonate another agent, and thus receive work packages for other ...
Thoughtworks Gocd
8.8
CVSSv3
CVE-2022-39311
GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions before 21.1.0 are vulnerable to remote code execution on the server from a malicious or compromised agent. The Spring R...
Thoughtworks Gocd
8.8
CVSSv3
CVE-2021-25924
In GoCD, versions 19.6.0 to 21.1.0 are vulnerable to Cross-Site Request Forgery due to missing CSRF protection at the `/go/api/config/backup` endpoint. An attacker can trick a victim to click on a malicious link which could change backup configurations or execute system commands ...
Thoughtworks Gocd
5.4
CVSSv3
CVE-2023-28629
GoCD is an open source continuous delivery server. GoCD versions prior to 23.1.0 are vulnerable to a stored XSS vulnerability, where pipeline configuration with a malicious pipeline label configuration can affect browser display of pipeline runs generated from that configuration....
Thoughtworks Gocd
9.8
CVSSv3
CVE-2021-44659
Adding a new pipeline in GoCD server version 21.3.0 has a functionality that could be abused to do an un-intended action in order to achieve a Server Side Request Forgery (SSRF). NOTE: the vendor's position is that the observed behavior is not a vulnerability, because the pr...
Thoughtworks Gocd 21.3.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2