227 matches found
CVE-2024-56322 GoCD vulnerable to XXE injection via abuse of unused XML configuration repository functionality
GoCD is a continuous deliver server. GoCD versions 16.7.0 through 24.4.0 inclusive can allow GoCD admins to abuse a hidden/unused configuration repository pipelines as code feature to allow XML External Entity XXE injection on the GoCD Server which will be executed when GoCD periodically scans...
CVE-2024-56321 GoCD can allow malicious GoCD admins to abuse backup configuration to gain additional host access
GoCD is a continuous deliver server. GoCD versions 18.9.0 through 24.4.0 inclusive can allow GoCD admins to abuse the backup configuration "post-backup script" feature to potentially execute arbitrary scripts on the hosting server or container as GoCD's user, rather than pre-configured scripts. I...
CVE-2024-56321
CVE-2024-56321 (GoCD) affects GoCD 18.9.0–24.4.0. The issue allows admins to abuse the backup configuration “post-backup script” to run arbitrary scripts on the hosting server/container as the GoCD user. In practice, impact is limited since an admin typically has host permissions, but in restrict...
CVE-2024-56321 GoCD can allow malicious GoCD admins to abuse backup configuration to gain additional host access
GoCD is a continuous deliver server. GoCD versions 18.9.0 through 24.4.0 inclusive can allow GoCD admins to abuse the backup configuration "post-backup script" feature to potentially execute arbitrary scripts on the hosting server or container as GoCD's user, rather than pre-configured scripts. I...
CVE-2024-56321 GoCD can allow malicious GoCD admins to abuse backup configuration to gain additional host access
GoCD is a continuous deliver server. GoCD versions 18.9.0 through 24.4.0 inclusive can allow GoCD admins to abuse the backup configuration "post-backup script" feature to potentially execute arbitrary scripts on the hosting server or container as GoCD's user, rather than pre-configured scripts. I...
CVE-2024-56320 GoCD vulnerable to admin privilege escalation by a malicious internal/existing authenticated user
GoCD is a continuous deliver server. GoCD versions prior to 24.5.0 are vulnerable to admin privilege escalation due to improper authorization of access to the admin "Configuration XML" UI feature, and its associated API. A malicious insider/existing authenticated GoCD user with an existing GoCD...
CVE-2024-56320
GoCD before 24.5.0 is vulnerable to admin privilege escalation via improper authorization of the admin “Configuration XML” UI and related API. An authenticated GoCD user with an existing account can access information intended only for admins or elevate privileges to admin, with exploitation requ...
CVE-2024-56320 GoCD vulnerable to admin privilege escalation by a malicious internal/existing authenticated user
GoCD is a continuous deliver server. GoCD versions prior to 24.5.0 are vulnerable to admin privilege escalation due to improper authorization of access to the admin "Configuration XML" UI feature, and its associated API. A malicious insider/existing authenticated GoCD user with an existing GoCD...
CVE-2024-56320 GoCD vulnerable to admin privilege escalation by a malicious internal/existing authenticated user
GoCD is a continuous deliver server. GoCD versions prior to 24.5.0 are vulnerable to admin privilege escalation due to improper authorization of access to the admin "Configuration XML" UI feature, and its associated API. A malicious insider/existing authenticated GoCD user with an existing GoCD...
GoCD 授权问题漏洞
GoCD is an open source continuous delivery server from GoCD. An authorization issue vulnerability exists in GoCD versions prior to 24.5.0 that stems from improper access authorization and vulnerability to elevation of privilege...
GoCD 代码问题漏洞
GoCD is a continuous delivery server for GoCD open source. A code issue vulnerability exists in GoCD versions 16.7.0 through 24.4.0 that stems from an XML External Entity XXE injection vulnerability that allows abuse of the hidden/unused Configuration Repository feature...
GoCD 安全漏洞
GoCD is a continuous delivery server from GoCD Open Source. A security vulnerability exists in GoCD versions 18.9.0 through 24.4.0, which stems from a vulnerability that allows misuse of the backup configuration feature, which could potentially allow execution of arbitrary scripts on managed...
PT-2025-1144 · Gocd · Gocd
Name of the Vulnerable Software and Affected Versions: GoCD versions prior to 24.4.0 Description: The issue is related to the incorrect restriction of XML external entity references in GoCD, a continuous delivery server. This can allow "group admins" to abuse the ability to edit raw XML...
PT-2025-1150 · Gocd · Gocd
Name of the Vulnerable Software and Affected Versions: GoCD versions 16.7.0 through 24.4.0 Description: The issue is related to an XML External Entity XXE injection vulnerability in the GoCD server, which can be exploited by a remote attacker. This vulnerability is associated with the incorrect...
PT-2025-1147 · Gocd · Gocd
Name of the Vulnerable Software and Affected Versions: GoCD versions prior to 24.5.0 Description: The issue is related to improper authorization of access to the admin "Configuration XML" UI feature and its associated API in the GoCD system, allowing a malicious insider or existing authenticated...
PT-2025-1151 · Gocd · Gocd
Name of the Vulnerable Software and Affected Versions: GoCD versions 18.9.0 through 24.4.0 Description: The issue exists due to incorrect restriction of the path name to a directory with limited access. This can allow a remote attacker to execute arbitrary code. Specifically, GoCD admins can abus...
CVE-2024-28866
GoCD is a continuous delivery server. GoCD versions from 19.4.0 to 23.5.0 inclusive are potentially vulnerable to a reflected cross-site scripting vulnerability on the loading page displayed while GoCD is starting, via abuse of a redirectto query parameter with inadequate validation. Attackers...
GoCD 安全漏洞
GoCD is a continuous delivery server. A security vulnerability exists in GoCD versions prior to 24.1.0 that stems from the presence of a reflected cross-site scripting vulnerability...
CVE-2024-28866 GoCD vulnerable to reflected Cross-site Scripting possible on server loading page during start-up
GoCD is a continuous delivery server. GoCD versions from 19.4.0 to 23.5.0 inclusive are potentially vulnerable to a reflected cross-site scripting vulnerability on the loading page displayed while GoCD is starting, via abuse of a redirectto query parameter with inadequate validation. Attackers...
CVE-2024-28866 GoCD vulnerable to reflected Cross-site Scripting possible on server loading page during start-up
GoCD is a continuous delivery server. GoCD versions from 19.4.0 to 23.5.0 inclusive are potentially vulnerable to a reflected cross-site scripting vulnerability on the loading page displayed while GoCD is starting, via abuse of a redirectto query parameter with inadequate validation. Attackers...