VYPR

GoCD

by GoCD

CVEs (22)

  • CVE-2022-24832HigApr 11, 2022
    risk 0.00cvss 8.2epss 0.02

    GoCD is an open source a continuous delivery server. The bundled gocd-ldap-authentication-plugin included with the GoCD Server fails to correctly escape special characters when using the username to construct LDAP queries. While this does not directly allow arbitrary LDAP data…

  • CVE-2021-25924HigApr 1, 2021
    risk 0.00cvss 8.8epss 0.01

    In GoCD, versions 19.6.0 to 21.1.0 are vulnerable to Cross-Site Request Forgery due to missing CSRF protection at the `/go/api/config/backup` endpoint. An attacker can trick a victim to click on a malicious link which could change backup configurations or execute system commands…

Page 2 of 2