An issue exists in ThoughtWorks GoCD prior to 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into a directory of a GoCD server. They can control the filename but the directory is placed inside of a directory that they can't control.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
thoughtworks gocd |