CVE-2024-28866 GoCD vulnerable to reflected Cross-site Scripting possible on server loading page during start-up

GoCD is a continuous delivery server. GoCD versions from 19.4.0 to 23.5.0 inclusive are potentially vulnerable to a reflected cross-site scripting vulnerability on the loading page displayed while GoCD is starting, via abuse of a redirectto query parameter with inadequate validation. Attackers...

pgp4pine не проверяет устаревшие ключи.

При загрузке с сервера не проверяется поле expired...