2 matches found
GoCD 安全漏洞
GoCD is a continuous delivery server. A security vulnerability exists in GoCD versions 19.2.0 through 19.11.0 that originates from allowing an authenticated agent to impersonate another agent, resulting in an access control outage and incorrect authentication of agent tokens in the GoCD server to...
PT-2022-24889 · Gocd · Gocd
Name of the Vulnerable Software and Affected Versions: GoCD versions 19.2.0 through 19.10.0 Description: The issue concerns a timing attack in the validation of access tokens due to the use of regular string comparison instead of a constant time algorithm. This could allow a brute force attack on...