An issue was discovered in ThoughtWorks GoCD before 21.3.0. The business continuity add-on, which is enabled by default, leaks all secrets known to the GoCD server to unauthenticated attackers.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NThoughtworks Gocd
APPThoughtworks< 21.3.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Auth Bypass
CWE
Powiązane podatności
CVE-2024-56320CRITICAL9.4PL ✓ten sam produkt
GoCD — eskalacja uprawnień do poziomu administratora (privilege escalation)
CVE-2022-39311CRITICAL9.1ten sam produkt
GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for ...
CVE-2021-43290CRITICAL9.8ten sam produkt
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can u...
CVE-2021-44659CRITICAL9.8ten sam produkt
Adding a new pipeline in GoCD server version 21.3.0 has a functionality that could be abused to do an un-inten...
CVE-2022-29184HIGH8.8ten sam produkt
GoCD is a continuous delivery server. In GoCD versions prior to 22.1.0, it is possible for existing authentica...