GoCD 跨站脚本漏洞

GoCD is a continuous delivery server. A cross-site scripting vulnerability exists in GoCD versions 19.11.0 through 21.4.0, which could be exploited by attackers to obtain a GoCD user's session cookie and execute malicious code...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Thoughtworks Gocd

CVE-2021-43287 POC: pocsuite -r CVE-2021-43287GoCDfiler...

ThoughtWorks GoCD Information Disclosure Vulnerability

ThoughtWorks GoCD is a free and open source CI/CD server from ThoughtWorks, Inc. An information disclosure vulnerability exists in versions of ThoughtWorks GoCD prior to 21.3.0, which could be exploited by an attacker with the right to create a new pipeline on the GoCD server by abusing the Git U...

ThoughtWorks GoCD Command Injection Vulnerability

ThoughtWorks GoCD is a free and open source CI/CD server from ThoughtWorks, Inc. A command injection vulnerability exists in versions of ThoughtWorks GoCD prior to 21.3.0, which can be exploited by attackers to cause arbitrary command execution...

ThoughtWorks GoCD path traversal vulnerability

ThoughtWorks GoCD is a free and open source CI/CD server from ThoughtWorks, Inc. A path traversal vulnerability exists in versions of ThoughtWorks GoCD prior to 21.3.0, which could be exploited by an attacker compromising the GoCD agent to upload malicious files to any directory on the GoCD serve...

ThoughtWorks GoCD Cross-Site Scripting Vulnerability

ThoughtWorks GoCD is a free and open source CI/CD server from ThoughtWorks, Inc. A cross-site scripting vulnerability exists in versions of ThoughtWorks GoCD prior to 21.3.0, which can be exploited by an attacker controlling a GoCD agent to plant malicious JavaScript into a failed job report...

CVE-2021-43290

An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into a directory of a GoCD server. They can control the filename but the directory is placed inside of a directory that they can't control...

CVE-2021-43286

An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker with privileges to create a new pipeline on a GoCD server can abuse a command-line injection in the Git URL "Test Connection" feature to execute arbitrary code...

CVE-2021-43288

An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker in control of a GoCD Agent can plant malicious JavaScript into a failed Job Report...

CVE-2021-43289

An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into an arbitrary directory of a GoCD server, but does not control the filename...

CVE-2021-43286

An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker with privileges to create a new pipeline on a GoCD server can abuse a command-line injection in the Git URL "Test Connection" feature to execute arbitrary code...

CVE-2021-43288

An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker in control of a GoCD Agent can plant malicious JavaScript into a failed Job Report...

CVE-2021-43289

An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into an arbitrary directory of a GoCD server, but does not control the filename...

CVE-2021-43290

An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into a directory of a GoCD server. They can control the filename but the directory is placed inside of a directory that they can't control...

Design/Logic Flaw

An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker with privileges to create a new pipeline on a GoCD server can abuse a command-line injection in the Git URL "Test Connection" feature to execute arbitrary code...

Design/Logic Flaw

An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into an arbitrary directory of a GoCD server, but does not control the filename...

Design/Logic Flaw

An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into a directory of a GoCD server. They can control the filename but the directory is placed inside of a directory that they can't control...

Design/Logic Flaw

An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker in control of a GoCD Agent can plant malicious JavaScript into a failed Job Report...

CVE-2021-43286

An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker with privileges to create a new pipeline on a GoCD server can abuse a command-line injection in the Git URL "Test Connection" feature to execute arbitrary code...

CVE-2021-43286

ThoughtWorks GoCD prior to 21.3.0 is affected by a command-line injection vulnerability in the Git URL “Test Connection” feature. An attacker who has privileges to create a new pipeline can exploit this to execute arbitrary code on the GoCD server. The issue is concrete in GoCD from the public ad...