227 matches found
ThoughtWorks GoCD Web interface detection
Binary data gocdwebdetect.nbin...
GoCD < 21.3.0 Path Traversal (Direct)
Binary data gocdpathtraversal.nbin...
ThoughtWorks GoCD Default Administrator Access
Binary data gocddefaultaccess.nbin...
GoCD < 21.3.0 Path Traversal
The GoCD web application running on the remote host has the Business Continuity add-on enabled by default. It is, therefore, affected by a directory traversal vulnerability due to an improper access restriction. An unauthenticated, remote attacker can exploit this, by sending a URI that contains...
gocd request forgery vulnerability
gocd is a continuous delivery server. gocd has a server-side request forgery vulnerability in version 21.3.0, which stems from the product's failure to properly validate user input and could be exploited to probe the server's intranet resources...
CVE-2021-44659
Adding a new pipeline in GoCD server version 21.3.0 has a functionality that could be abused to do an unintended action in order to achieve a Server Side Request Forgery SSRF. NOTE: the vendor's position is that the observed behavior is not a vulnerability, because the product's design allows an...
Server side request forgery (ssrf)
DISPUTED Adding a new pipeline in GoCD server version 21.3.0 has a functionality that could be abused to do an unintended action in order to achieve a Server Side Request Forgery SSRF. NOTE: the vendor's position is that the observed behavior is not a vulnerability, because the product's design...
CVE-2021-44659
GoCD server version 21.3.0 contains a possible Server Side Request Forgery (SSRF) when adding a new pipeline. The issue stems from how outbound requests are handled/validated, with multiple connected sources attributing the vulnerability to inadequate input validation and configuration of outboun...
GoCD Code Issue Vulnerability
gocd is a continuous delivery server. gocd has a server-side request forgery vulnerability in version 21.3.0, which stems from the product's failure to properly validate user input and could be exploited to probe the server's intranet resources...
CVE-2021-43287 Allows Pre-Authenticated Build Takeover of GoCD Pipelines
On October 26, 2021, open-source CI/CD solution GoCD released version 21.3.0, which included a fix for CVE-2021-43287, a critical information disclosure vulnerability whose exploitation allows unauthenticated attackers to leak configuration information, including build secrets and encryption keys...
GoCD Authentication Vulnerability
GoCD has released a security update to address a critical authentication vulnerability in GoCD versions 20.6.0 through 21.2.0. GoCD is an open-source Continuous Integration and Continuous Delivery system. A remote attacker could exploit this vulnerability to obtain sensitive information. CISA...
CVE-2021-25924
In GoCD, versions 19.6.0 to 21.1.0 are vulnerable to Cross-Site Request Forgery due to missing CSRF protection at the /go/api/config/backup endpoint. An attacker can trick a victim to click on a malicious link which could change backup configurations or execute system commands in the...
Cross site request forgery (csrf)
In GoCD, versions 19.6.0 to 21.1.0 are vulnerable to Cross-Site Request Forgery due to missing CSRF protection at the /go/api/config/backup endpoint. An attacker can trick a victim to click on a malicious link which could change backup configurations or execute system commands in the...
CVE-2021-25924
GoCD versions 19.6.0–21.1.0 are vulnerable to CSRF due to missing protection on the /go/api/config/backup endpoint. An attacker can lure a victim to a malicious link, potentially altering backup configurations or executing commands in the post_backup_script field. The provided sources describe th...
GoCD: XSS In https://docs.gocd.org/current/
Searches on docs.gocd.org were subject to a client-side XSS issue...
GoCD: Imperfect CSRF To Overwrite Server Config at /go/admin/restful/configuration/file/POST/xml
The /go/admin/restful/configuration/file/POST/xml path is vulnerable to Cross-Site Request Forgery that can result in an unauthorized user adding to the server cruise-config.xml and gaining complete control of the server. Successful exploitation is made difficult by the need for the admin to be...