4 matches found
CVE-2024-56320
GoCD is a continuous deliver server. GoCD versions prior to 24.5.0 are vulnerable to admin privilege escalation due to improper authorization of access to the admin "Configuration XML" UI feature, and its associated API. A malicious insider/existing authenticated GoCD user with an existing GoCD...
CVE-2024-56320
creationtimestamp| type| source ---|---|--- 2025-01-03 15:41:27+00:00| seen| https://infosec.exchange/users/cve/statuses/113765180178483233 2025-01-03 17:51:29+00:00| seen| https://t.me/cvedetector/14223...
CVE-2024-56320
GoCD before 24.5.0 is vulnerable to admin privilege escalation via improper authorization of the admin “Configuration XML” UI and related API. An authenticated GoCD user with an existing account can access information intended only for admins or elevate privileges to admin, with exploitation requ...
CVE-2024-56320 GoCD vulnerable to admin privilege escalation by a malicious internal/existing authenticated user
GoCD is a continuous deliver server. GoCD versions prior to 24.5.0 are vulnerable to admin privilege escalation due to improper authorization of access to the admin "Configuration XML" UI feature, and its associated API. A malicious insider/existing authenticated GoCD user with an existing GoCD...