CVE-2022-24832
- EPSS 1.44%
- Published 11.04.2022 21:15:08
- Last modified 21.11.2024 06:51:11
GoCD is an open source continuous delivery server. The bundled gocd-ldap-authentication-plugin included with the GoCD Server fails to correctly escape special characters when using the username to construct LDAP queries. While this does not directl...
CVE-2021-44659
- EPSS 1.99%
- Published 22.12.2021 18:15:08
- Last modified 21.11.2024 06:31:20
Adding a new pipeline in GoCD server version 21.3.0 has a functionality that could be abused to perform an unintended action in order to achieve a Server Side Request Forgery (SSRF). NOTE: the vendor's position is that the observed behavior is not a vuln...
CVE-2021-25924
- EPSS 0.93%
- Published 01.04.2021 18:15:12
- Last modified 21.11.2024 05:55:36
In GoCD, versions 19.6.0 to 21.1.0 are vulnerable to Cross-Site Request Forgery due to missing CSRF protection at the `/go/api/config/backup` endpoint. An attacker can trick a victim to click on a malicious link which could change backup configuratio...