4 matches found
PT-2023-21860 · Gocd · Gocd
Name of the Vulnerable Software and Affected Versions: GoCD versions prior to 23.1.0. Description: The issue is a stored XSS vulnerability, where a pipeline configuration containing a malicious pipeline label can affect the browser display of pipeline runs generated from that configuration. An...
GoCD Cross-Site Scripting Vulnerability
ThoughtWorks GoCD is a continuous delivery server. Versions 20.2.0 through 21.4.0 of ThoughtWorks GoCD contain a reflected cross-site scripting vulnerability that stems from abuse of a function that renders arbitrary HTML into the returned page. An...
ThoughtWorks GoCD Path Traversal Vulnerability
ThoughtWorks GoCD is a free and open source CI/CD server from ThoughtWorks, Inc. A path traversal vulnerability exists in versions of ThoughtWorks GoCD prior to 21.3.0, which an attacker who has compromised a GoCD agent could exploit to upload malicious files to any directory on the GoCD serve...
Aravind SV gocd Cross-Site Request Forgery Vulnerability
Aravind SV gocd is an open-source application from Aravind SV, the main repository of GoCD - Continuous Delivery Server. A cross-site request forgery vulnerability exists in GoCD versions 19.6.0 to 21.1.0, which stems from a lack of CSRF protection in the /go/api/config/backup endpoint...