227 matches found

CNNVD · added 2023/03/27 12:00 a.m. · 3 views

GoCD cross-site scripting vulnerability

GoCD is a continuous delivery server. A cross-site scripting vulnerability exists in GoCD versions prior to 23.1.0. An attacker could exploit this vulnerability to perform a cross-site scripting attack...

CVSS 5.4 · AI score 5.4 · EPSS 0.00498
Exploits: 0 · References: 8

NVD · added 2022/10/14 8:15 p.m. · 15 views

CVE-2022-39310

GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 can allow one authenticated agent to impersonate another agent, and thus receive work packages for other agents due to...

CVSS 6.5 · EPSS 0.00615
Exploits: 0 · References: 3

NVD · added 2022/10/14 8:15 p.m. · 14 views

CVE-2022-39311

GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 are vulnerable to remote code execution on the server from a malicious or compromised agent. The Spring RemoteInvocation...

CVSS 9.1 · EPSS 0.01579
Exploits: 0 · References: 3

NVD · added 2022/10/14 8:15 p.m. · 30 views

CVE-2022-39309

GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 leak the symmetric key used to encrypt/decrypt any secure variables/secrets in GoCD configuration to authenticated agent...

CVSS 6.5 · EPSS 0.0077
Exploits: 0 · References: 4

Prion · added 2022/10/14 8:15 p.m. · 33 views

Code injection

GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 leak the symmetric key used to encrypt/decrypt any secure variables/secrets in GoCD configuration to authenticated agent...

CVSS 4 · AI score 6.1 · EPSS 0.0077
Exploits: 0 · References: 4 · Affected software: 1

Prion · added 2022/10/14 8:15 p.m. · 26 views

Deserialization of untrusted data

GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 are vulnerable to remote code execution on the server from a malicious or compromised agent. The Spring RemoteInvocation...

CVSS 6.5 · AI score 8.9 · EPSS 0.01579
Exploits: 0 · References: 3 · Affected software: 1

Prion · added 2022/10/14 8:15 p.m. · 23 views

Improper access control

GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 can allow one authenticated agent to impersonate another agent, and thus receive work packages for other agents due to...

CVSS 4 · AI score 6 · EPSS 0.00615
Exploits: 0 · References: 3 · Affected software: 1

NVD · added 2022/10/14 7:15 p.m. · 28 views

CVE-2022-39308

GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions from 19.2.0 to 19.10.0 inclusive are subject to a timing attack in validation of access tokens due to use of regular string comparison f...

CVSS 6.5 · EPSS 0.00622
Exploits: 0 · References: 4

Prion · added 2022/10/14 7:15 p.m. · 15 views

Design/Logic Flaw

GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions from 19.2.0 to 19.10.0 inclusive are subject to a timing attack in validation of access tokens due to use of regular string comparison f...

CVSS 2.6 · AI score 5.5 · EPSS 0.00622
Exploits: 0 · References: 4 · Affected software: 1

Vulnrichment · added 2022/10/14 12:00 a.m. · 5 views

CVE-2022-39311 Compromised agents may be able to execute remote code on GoCD Server

GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 are vulnerable to remote code execution on the server from a malicious or compromised agent. The Spring RemoteInvocation...

CVSS 9.1 · AI score 9.4 · EPSS 0.01579
Exploits: 0 · References: 3

Vulnrichment · added 2022/10/14 12:00 a.m. · 9 views

CVE-2022-39310 Malicious agent may be able to impersonate another agent in GoCD

GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 can allow one authenticated agent to impersonate another agent, and thus receive work packages for other agents due to...

CVSS 4.9 · AI score 6.1 · EPSS 0.00615
Exploits: 0 · References: 3

Vulnrichment · added 2022/10/14 12:00 a.m. · 7 views

CVE-2022-39308 GoCD API authentication of user access tokens subject to timing attack during comparison

GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions from 19.2.0 to 19.10.0 inclusive are subject to a timing attack in validation of access tokens due to use of regular string comparison f...

CVSS 6.5 · AI score 6.2 · EPSS 0.00622
Exploits: 0 · References: 4

Vulnrichment · added 2022/10/14 12:00 a.m. · 6 views

CVE-2022-39309 GoCD server secret encryption/decryption key leaked to agents during material serialization

GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 leak the symmetric key used to encrypt/decrypt any secure variables/secrets in GoCD configuration to authenticated agent...

CVSS 4.9 · AI score 6.1 · EPSS 0.0077
Exploits: 0 · References: 4

CVE · added 2022/10/14 12:00 a.m. · 56 views

CVE-2022-39311

CVE-2022-39311 affects GoCD (continuous delivery server). The vulnerability lies in the Spring RemoteInvocation endpoint, which exposed agent communication and allowed deserialization of arbitrary Java objects, enabling remote code execution on the server. Exploitation requires agent-level authen...

CVSS 9.1 · AI score 9.1 · EPSS 0.01579
Exploits: 0 · References: 3 · Affected software: 1

Cvelist · added 2022/10/14 12:00 a.m. · 35 views

CVE-2022-39308 GoCD API authentication of user access tokens subject to timing attack during comparison

GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions from 19.2.0 to 19.10.0 inclusive are subject to a timing attack in validation of access tokens due to use of regular string comparison f...

CVSS 6.5 · AI score 6.4 · EPSS 0.00622
Exploits: 0 · References: 4

CNNVD · added 2022/10/14 12:00 a.m. · 3 views

GoCD security vulnerability

GoCD is a continuous delivery server. A security vulnerability exists in GoCD versions 19.2.0 through 19.11.0 that originates from allowing an authenticated agent to impersonate another agent, resulting in an access control outage and incorrect authentication of agent tokens in the GoCD server to...

CVSS 6.5 · AI score 6.6 · EPSS 0.00615
Exploits: 0 · References: 4

CNNVD · added 2022/10/14 12:00 a.m. · 4 views

GoCD code issue vulnerability

GoCD is a continuous delivery server. A security vulnerability exists in GoCD versions 19.2.0 through 19.11.0, which stems from a Spring RemoteInvocation endpoint exposed for proxy communication that allows deserialization of arbitrary Java objects, which can be exploited by an attacker to execut...

CVSS 9.1 · AI score 8.6 · EPSS 0.01579
Exploits: 0 · References: 4

CVE · added 2022/10/14 12:00 a.m. · 65 views

CVE-2022-39310

CVE-2022-39310 affects GoCD prior to 21.1.0, where an authenticated agent could impersonate another agent due to broken access control and incorrect validation of agent tokens. This could cause disclosure of credentials contained in work packages assigned to other agents. Exploitation requires kn...

CVSS 6.5 · AI score 5.3 · EPSS 0.00615
Exploits: 0 · References: 3 · Affected software: 1

Positive Technologies · added 2022/10/14 12:00 a.m. · 3 views

PT-2022-24890 · Gocd · Gocd

Name of the Vulnerable Software and Affected Versions: GoCD versions prior to 21.1.0 Description: The issue affects GoCD, a continuous delivery server that automates and streamlines the build-test-release cycle for continuous delivery of products. It leaks the symmetric key used to encrypt/decryp...

CVSS 6.5 · AI score 6.3 · EPSS 0.0077
Exploits: 0 · References: 7

CVE · added 2022/10/14 12:00 a.m. · 64 views

CVE-2022-39308

GoCD versions 19.2.0 through 19.10.0 are vulnerable to a timing attack in access token validation due to a non-constant-time string comparison, potentially enabling brute-forcing of API tokens. The issue is fixed in GoCD 19.11.0. Workarounds include rate limiting or introducing random delays at the GoCD se...

CVSS 6.5 · AI score 5.8 · EPSS 0.00622
Exploits: 0 · References: 4 · Affected software: 1