CVE-2024-56321

GoCD is a continuous deliver server. GoCD versions 18.9.0 through 24.4.0 inclusive can allow GoCD admins to abuse the backup configuration "post-backup script" feature to potentially execute arbitrary scripts on the hosting server or container as GoCD's user, rather than pre-configured scripts. I...

PT-2025-1151 · Gocd · Gocd

Name of the Vulnerable Software and Affected Versions: GoCD versions 18.9.0 through 24.4.0 Description: The issue exists due to incorrect restriction of the path name to a directory with limited access. This can allow a remote attacker to execute arbitrary code. Specifically, GoCD admins can abus...

CVE-2019-15720

CloudBerry Backup v6.1.2.34 allows local privilege escalation via a Pre or Post backup action. With only user-level access, a user can modify the backup plan and add a Pre backup action script that executes on behalf of NT AUTHORITY\SYSTEM...

CVE-2019-15720

CloudBerry Backup v6.1.2.34 allows local privilege escalation via a Pre or Post backup action. With only user-level access, a user can modify the backup plan and add a Pre backup action script that executes on behalf of NT AUTHORITY\SYSTEM...

Design/Logic Flaw

CloudBerry Backup v6.1.2.34 allows local privilege escalation via a Pre or Post backup action. With only user-level access, a user can modify the backup plan and add a Pre backup action script that executes on behalf of NT AUTHORITY\SYSTEM...

CVE-2019-11894

A potential improper access control vulnerability exists in the backup mechanism of the Bosch Smart Home Controller SHC before 9.8.905 that may result in unauthorized download of a backup. In order to exploit the vulnerability, the adversary needs to download the backup directly after a backup...