Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2021-43287

Published: 14/04/2022 Updated: 21/04/2022
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Thoughtworks

Vulnerability Summary

An issue exists in ThoughtWorks GoCD prior to 21.3.0. The business continuity add-on, which is enabled by default, leaks all secrets known to the GoCD server to unauthenticated attackers.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

thoughtworks gocd

Github Repositories

https://github.com/Wrin9/CVE-2021-43287

CVE-2021-43287_GoCD_fileread_POC_EXP

CVE-2021-43287 POC: pocsuite -r CVE-2021-43287_GoCD_fileread_POC_EXP -u url EXP: pocsuite -r CVE-2021-4

https://github.com/Wrin9/POC

该文件夹集成自写的POC 下列是POC列表 一周保底更新一个POC脚本 PS:有些POC网上暂未公布[-],只分享在个人知识星球 微信群会做日常的交流分享,需要关注公众号获取交流群信息👇 1[+]泛微OA_V9版本的SQL代码执行漏洞 2[-]泛微OA_V9全版本前台任意文件上传漏洞 3[+]Spring-Cloud-Function-SpEL_POC_EXP

References

CWE-200https://www.gocd.org/releases/#21-3-0https://github.com/gocd/gocd/commit/41abc210ac4e8cfa184483c9ff1c0cc04fb3511chttps://blog.sonarsource.com/gocd-pre-auth-pipeline-takeoverhttps://nvd.nist.govhttps://github.com/Wrin9/CVE-2021-43287
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-29895injectCVE-2023-52689CVE-2024-5049CVE-2024-5051privilege escalationphysicalCVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook