15 matches found
EUVD-2024-53110
Malicious code in bioql PyPI...
EUVD-2022-41798
Malicious code in bioql PyPI...
CVE-2022-24832
GoCD is an open source a continuous delivery server. The bundled gocd-ldap-authentication-plugin included with the GoCD Server fails to correctly escape special characters when using the username to construct LDAP queries. While this does not directly allow arbitrary LDAP data exfiltration, it ca...
CVE-2024-56322
GoCD is a continuous deliver server. GoCD versions 16.7.0 through 24.4.0 inclusive can allow GoCD admins to abuse a hidden/unused configuration repository pipelines as code feature to allow XML External Entity XXE injection on the GoCD Server which will be executed when GoCD periodically scans...
CVE-2024-56322
CVE-2024-56322 affects GoCD (versions 16.7.0 through 24.4.0). The root cause is an abuse of a hidden/unused configuration repository (pipelines as code) feature that enables XML External Entity (XXE) injection on the GoCD Server. This injection is triggered when GoCD scans configuration repositor...
PT-2025-1144 · Gocd · Gocd
Name of the Vulnerable Software and Affected Versions: GoCD versions prior to 24.4.0 Description: The issue is related to the incorrect restriction of XML external entity references in GoCD, a continuous delivery server. This can allow "group admins" to abuse the ability to edit raw XML...
Improper access control
GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 can allow one authenticated agent to impersonate another agent, and thus receive work packages for other agents due to...
CVE-2022-39309 GoCD server secret encryption/decryption key leaked to agents during material serialization
GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 leak the symmetric key used to encrypt/decrypt any secure variables/secrets in GoCD configuration to authenticated agent...
CVE-2022-39311 Compromised agents may be able to execute remote code on GoCD Server
GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 are vulnerable to remote code execution on the server from a malicious or compromised agent. The Spring RemoteInvocation...
CVE-2022-39309 GoCD server secret encryption/decryption key leaked to agents during material serialization
GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 leak the symmetric key used to encrypt/decrypt any secure variables/secrets in GoCD configuration to authenticated agent...
PT-2022-23177 · Gocd · Gocd
Name of the Vulnerable Software and Affected Versions: GoCD versions prior to 22.2.0 Description: GoCD is a continuous delivery server. The issue arises from inadequate permission restrictions during Windows installations of GoCD server or agent installers outside of the default location. This...
CVE-2022-24832 Bundled ldap-authentication-plugin fails to neutralise LDAP special elements in usernames
GoCD is an open source a continuous delivery server. The bundled gocd-ldap-authentication-plugin included with the GoCD Server fails to correctly escape special characters when using the username to construct LDAP queries. While this does not directly allow arbitrary LDAP data exfiltration, it ca...
CVE-2022-24832 Bundled ldap-authentication-plugin fails to neutralise LDAP special elements in usernames
GoCD is an open source a continuous delivery server. The bundled gocd-ldap-authentication-plugin included with the GoCD Server fails to correctly escape special characters when using the username to construct LDAP queries. While this does not directly allow arbitrary LDAP data exfiltration, it ca...
CVE-2021-44659
Adding a new pipeline in GoCD server version 21.3.0 has a functionality that could be abused to do an un-intended action in order to achieve a Server Side Request Forgery SSRF. NOTE: the vendor's position is that the observed behavior is not a vulnerability, because the product's design allows an...
CVE-2021-44659
Adding a new pipeline in GoCD server version 21.3.0 has a functionality that could be abused to do an un-intended action in order to achieve a Server Side Request Forgery SSRF. NOTE: the vendor's position is that the observed behavior is not a vulnerability, because the product's design allows an...