28 matches found
EUVD-2021-30233
Malicious code in bioql PyPI...
EUVD-2021-30230
Malicious code in bioql PyPI...
EUVD-2021-30232
Malicious code in bioql PyPI...
CVE-2021-43289
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into an arbitrary directory of a GoCD server, but does not control the filename...
CVE-2021-43286
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker with privileges to create a new pipeline on a GoCD server can abuse a command-line injection in the Git URL "Test Connection" feature to execute arbitrary code...
CVE-2021-43288
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker in control of a GoCD Agent can plant malicious JavaScript into a failed Job Report...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Thoughtworks Gocd
CVE-2021-43287 POC: pocsuite -r CVE-2021-43287GoCDfiler...
ThoughtWorks GoCD Command Injection Vulnerability
ThoughtWorks GoCD is a free and open source CI/CD server from ThoughtWorks, Inc. A command injection vulnerability exists in versions of ThoughtWorks GoCD prior to 21.3.0, which can be exploited by attackers to cause arbitrary command execution...
CVE-2021-43289
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into an arbitrary directory of a GoCD server, but does not control the filename...
CVE-2021-43290
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into a directory of a GoCD server. They can control the filename but the directory is placed inside of a directory that they can't control...
CVE-2021-43286
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker with privileges to create a new pipeline on a GoCD server can abuse a command-line injection in the Git URL "Test Connection" feature to execute arbitrary code...
CVE-2021-43286
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker with privileges to create a new pipeline on a GoCD server can abuse a command-line injection in the Git URL "Test Connection" feature to execute arbitrary code...
CVE-2021-43290
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into a directory of a GoCD server. They can control the filename but the directory is placed inside of a directory that they can't control...
Design/Logic Flaw
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker with privileges to create a new pipeline on a GoCD server can abuse a command-line injection in the Git URL "Test Connection" feature to execute arbitrary code...
Design/Logic Flaw
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into a directory of a GoCD server. They can control the filename but the directory is placed inside of a directory that they can't control...
Design/Logic Flaw
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into an arbitrary directory of a GoCD server, but does not control the filename...
Design/Logic Flaw
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker in control of a GoCD Agent can plant malicious JavaScript into a failed Job Report...
CVE-2021-43286
ThoughtWorks GoCD prior to 21.3.0 is affected by a command-line injection vulnerability in the Git URL “Test Connection” feature. An attacker who has privileges to create a new pipeline can exploit this to execute arbitrary code on the GoCD server. The issue is concrete in GoCD from the public ad...
CVE-2021-43288
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker in control of a GoCD Agent can plant malicious JavaScript into a failed Job Report...
CVE-2021-43289
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into an arbitrary directory of a GoCD server, but does not control the filename...