CVE-2021-25924
GoCD versions 19.6.0–21.1.0 are vulnerable to CSRF due to missing protection on the /go/api/config/backup endpoint. An attacker can lure a victim to a malicious link, potentially altering backup configurations or executing commands in the post_backup_script field. The provided sources describe th...