227 matches found
GoCD Cross-Site Scripting Vulnerability (CNVD-2022-77809)
ThoughtWorks GoCD is a continuous delivery server. versions 20.2.0 through 21.4.0 of ThoughtWorks GoCD contain a cross-site scripting vulnerability that stems from a vulnerability to reflected cross-site scripting via an abusive function that renders arbitrary HTML into the returned page. An...
CVE-2022-29184
GoCD is a continuous delivery server. In GoCD versions prior to 22.1.0, it is possible for existing authenticated users who have permissions to edit or create pipeline materials or pipeline configuration repositories to get remote code execution capability on the GoCD server via configuring a...
Command injection
GoCD is a continuous delivery server. In GoCD versions prior to 22.1.0, it is possible for existing authenticated users who have permissions to edit or create pipeline materials or pipeline configuration repositories to get remote code execution capability on the GoCD server via configuring a...
CVE-2022-29184 Command Injection/Argument Injection in GoCD
GoCD is a continuous delivery server. In GoCD versions prior to 22.1.0, it is possible for existing authenticated users who have permissions to edit or create pipeline materials or pipeline configuration repositories to get remote code execution capability on the GoCD server via configuring a...
CVE-2022-29184
GoCD vulnerability (CVE-2022-29184) : In GoCD versions prior to 22.1.0, authenticated admins who can edit or create pipeline materials or configuration repositories can trigger remote code execution on the GoCD server by configuring a malicious branch name that abuses Mercurial hooks/aliases duri...
CVE-2022-29184 Command Injection/Argument Injection in GoCD
GoCD is a continuous delivery server. In GoCD versions prior to 22.1.0, it is possible for existing authenticated users who have permissions to edit or create pipeline materials or pipeline configuration repositories to get remote code execution capability on the GoCD server via configuring a...
CVE-2022-29184 Command Injection/Argument Injection in GoCD
GoCD is a continuous delivery server. In GoCD versions prior to 22.1.0, it is possible for existing authenticated users who have permissions to edit or create pipeline materials or pipeline configuration repositories to get remote code execution capability on the GoCD server via configuring a...
CVE-2022-29182
GoCD is a continuous delivery server. GoCD versions 19.11.0 through 21.4.0 inclusive are vulnerable to a Document Object Model DOM-based cross-site scripting attack via a pipeline run's Stage Details Graphs tab. It is possible for a malicious script on a attacker-hosted site to execute script tha...
CVE-2022-29183
GoCD is a continuous delivery server. GoCD versions 20.2.0 until 21.4.0 are vulnerable to reflected cross-site scripting via abuse of the pipeline comparison function's error handling to render arbitrary HTML into the returned page. This could allow an attacker to trick a victim into executing co...
Cross site scripting
GoCD is a continuous delivery server. GoCD versions 19.11.0 through 21.4.0 inclusive are vulnerable to a Document Object Model DOM-based cross-site scripting attack via a pipeline run's Stage Details Graphs tab. It is possible for a malicious script on a attacker-hosted site to execute script tha...
Cross site scripting
GoCD is a continuous delivery server. GoCD versions 20.2.0 until 21.4.0 are vulnerable to reflected cross-site scripting via abuse of the pipeline comparison function's error handling to render arbitrary HTML into the returned page. This could allow an attacker to trick a victim into executing co...
CVE-2022-29183 Reflected XSS in GoCD
GoCD is a continuous delivery server. GoCD versions 20.2.0 until 21.4.0 are vulnerable to reflected cross-site scripting via abuse of the pipeline comparison function's error handling to render arbitrary HTML into the returned page. This could allow an attacker to trick a victim into executing co...
CVE-2022-29183 Reflected XSS in GoCD
GoCD is a continuous delivery server. GoCD versions 20.2.0 until 21.4.0 are vulnerable to reflected cross-site scripting via abuse of the pipeline comparison function's error handling to render arbitrary HTML into the returned page. This could allow an attacker to trick a victim into executing co...
CVE-2022-29183
CVE-2022-29183 affects ThoughtWorks GoCD (versions 20.2.0–21.4.0). A reflected cross-site scripting vulnerability stems from the pipeline comparison function’s error handling, allowing an attacker to render arbitrary HTML in the returned page and potentially manipulate resources accessible to the...
CVE-2022-29183 Reflected XSS in GoCD
GoCD is a continuous delivery server. GoCD versions 20.2.0 until 21.4.0 are vulnerable to reflected cross-site scripting via abuse of the pipeline comparison function's error handling to render arbitrary HTML into the returned page. This could allow an attacker to trick a victim into executing co...
CVE-2022-29182 DOM-based XSS in GoCD
GoCD is a continuous delivery server. GoCD versions 19.11.0 through 21.4.0 inclusive are vulnerable to a Document Object Model DOM-based cross-site scripting attack via a pipeline run's Stage Details Graphs tab. It is possible for a malicious script on a attacker-hosted site to execute script tha...
CVE-2022-29182 DOM-based XSS in GoCD
GoCD is a continuous delivery server. GoCD versions 19.11.0 through 21.4.0 inclusive are vulnerable to a Document Object Model DOM-based cross-site scripting attack via a pipeline run's Stage Details Graphs tab. It is possible for a malicious script on a attacker-hosted site to execute script tha...
CVE-2022-29182
GoCD versions 19.11.0–21.4.0 are vulnerable to a DOM-based XSS in the Stage Details > Graphs tab. An attacker-hosted page can abuse the messaging channel between the parent page and the stage-graphs iframe to execute script in the user’s browser context, potentially exfiltrating session cookie...
CVE-2022-29182 DOM-based XSS in GoCD
GoCD is a continuous delivery server. GoCD versions 19.11.0 through 21.4.0 inclusive are vulnerable to a Document Object Model DOM-based cross-site scripting attack via a pipeline run's Stage Details Graphs tab. It is possible for a malicious script on a attacker-hosted site to execute script tha...
GoCD 命令注入漏洞
GoCD is a continuous delivery server. A security vulnerability exists in GoCD versions prior to 22.1.0. An attacker could exploit this vulnerability to gain remote code execution capability on a GoCD server by configuring malicious branch names that abuse Mercurial hooks/...