VYPR

GoCD

by ThoughtWorks

CVEs (5)

  • CVE-2021-43287HigApr 14, 2022
    risk 0.02cvss 7.5epss 0.28

    An issue was discovered in ThoughtWorks GoCD before 21.3.0. The business continuity add-on, which is enabled by default, leaks all secrets known to the GoCD server to unauthenticated attackers.

  • CVE-2021-43290CriApr 14, 2022
    risk 0.00cvss 9.8epss 0.03

    An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into a directory of a GoCD server. They can control the filename but the directory is placed inside of a directory that they can't control.

  • CVE-2021-43289HigApr 14, 2022
    risk 0.00cvss 7.5epss 0.02

    An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into an arbitrary directory of a GoCD server, but does not control the filename.

  • CVE-2021-43288MedApr 14, 2022
    risk 0.00cvss 5.4epss 0.01

    An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker in control of a GoCD Agent can plant malicious JavaScript into a failed Job Report.

  • CVE-2021-43286HigApr 14, 2022
    risk 0.00cvss 8.8epss 0.03

    An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker with privileges to create a new pipeline on a GoCD server can abuse a command-line injection in the Git URL "Test Connection" feature to execute arbitrary code.