3 matches found
CVE-2022-24832 Bundled ldap-authentication-plugin fails to neutralise LDAP special elements in usernames
GoCD is an open source a continuous delivery server. The bundled gocd-ldap-authentication-plugin included with the GoCD Server fails to correctly escape special characters when using the username to construct LDAP queries. While this does not directly allow arbitrary LDAP data exfiltration, it ca...
CVE-2022-24832
The CVE-2022-24832 issue affects GoCD where the bundled gocd-ldap-authentication-plugin does not properly escape special characters in LDAP usernames when constructing LDAP queries. This can enable an LDAP-authenticated GoCD user to craft and execute malicious queries to infer facts about other L...
CVE-2022-24832 Bundled ldap-authentication-plugin fails to neutralise LDAP special elements in usernames
GoCD is an open source a continuous delivery server. The bundled gocd-ldap-authentication-plugin included with the GoCD Server fails to correctly escape special characters when using the username to construct LDAP queries. While this does not directly allow arbitrary LDAP data exfiltration, it ca...