
7 matches found

RedhatCVE
added 2025/05/23 9:10 a.m. · 2 views

CVE-2024-56321

GoCD is a continuous delivery server. GoCD versions 18.9.0 through 24.4.0 inclusive can allow GoCD admins to abuse the backup configuration "post-backup script" feature to potentially execute arbitrary scripts on the hosting server or container as GoCD's user, rather than pre-configured scripts. I...

CVSS 3.8 · AI score 7.2 · EPSS 0.01295
Exploits: 0 · References: 1
CVE
added 2025/01/03 3:37 p.m. · 89 views

CVE-2024-56320

GoCD before 24.5.0 is vulnerable to admin privilege escalation via improper authorization of the admin “Configuration XML” UI and related API. An authenticated GoCD user with an existing account can access information intended only for admins or elevate privileges to admin, with exploitation requ...

CVSS 9.4 · AI score 6.5 · EPSS 0.01595
Exploits: 0 · References: 4 · Affected Software: 1
CNNVD
added 2025/01/03 12:0 a.m. · 2 views

GoCD Security Vulnerability

GoCD is a continuous delivery server from GoCD Open Source. A security vulnerability exists in GoCD versions 18.9.0 through 24.4.0 that allows misuse of the backup configuration feature, which could potentially allow execution of arbitrary scripts on managed...

CVSS 3.8 · AI score 6.8 · EPSS 0.01295
Exploits: 0 · References: 4
Positive Technologies
added 2025/01/03 12:0 a.m. · 2 views

PT-2025-1151 · Gocd · Gocd

Name of the Vulnerable Software and Affected Versions: GoCD versions 18.9.0 through 24.4.0
Description: The issue exists due to incorrect restriction of the path name to a directory with limited access. This can allow a remote attacker to execute arbitrary code. Specifically, GoCD admins can abus...

CVSS 5.5 · AI score 7.9 · EPSS 0.01295
Exploits: 0 · References: 11
Positive Technologies
added 2025/01/03 12:0 a.m. · 2 views

PT-2025-1147 · Gocd · Gocd

Name of the Vulnerable Software and Affected Versions: GoCD versions prior to 24.5.0
Description: The issue is related to improper authorization of access to the admin "Configuration XML" UI feature and its associated API in the GoCD system, allowing a malicious insider or existing authenticated...

CVSS 9.4 · AI score 7.3 · EPSS 0.01595
Exploits: 0 · References: 14
Vulnrichment
added 2023/03/27 8:36 p.m. · 10 views

CVE-2023-28629 Stored XSS possible on VSM and Job Details pages via malicious pipeline label configuration in gocd

GoCD is an open source continuous delivery server. GoCD versions before 23.1.0 are vulnerable to a stored XSS vulnerability, where pipeline configuration with a malicious pipeline label configuration can affect browser display of pipeline runs generated from that configuration. An attacker that h...

CVSS 5.4 · AI score 5.3 · EPSS 0.00516
Exploits: 0 · References: 6
CNNVD
added 2022/10/14 12:0 a.m. · 2 views

GoCD Code Issue Vulnerability

GoCD is a continuous delivery server. A security vulnerability exists in GoCD versions 19.2.0 through 19.11.0, which stems from a Spring RemoteInvocation endpoint exposed for proxy communication that allows deserialization of arbitrary Java objects, which can be exploited by an attacker to execut...

CVSS 9.1 · AI score 8.6 · EPSS 0.09474
Exploits: 0 · References: 4