An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into a directory of a GoCD server. They can control the filename but the directory is placed inside of a directory that they can't control.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HThoughtworks Gocd
APPThoughtworks< 21.3.0
Powiązane podatności
GoCD — eskalacja uprawnień do poziomu administratora (privilege escalation)
GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for ...
Adding a new pipeline in GoCD server version 21.3.0 has a functionality that could be abused to do an un-inten...
GoCD is a continuous delivery server. In GoCD versions prior to 22.1.0, it is possible for existing authentica...
An issue was discovered in ThoughtWorks GoCD before 21.3.0. The business continuity add-on, which is enabled b...