Login Sign Up

CVE-2021-43289

7.5 HIGH
Path Traversal

📋 TL;DR

This vulnerability allows an attacker who has compromised a GoCD agent to upload malicious files to arbitrary directories on the GoCD server, though they cannot control the filename. This affects all GoCD installations before version 21.3.0 where agents communicate with the server.

💻 Affected Systems

Products:
  • ThoughtWorks GoCD
Versions: All versions before 21.3.0
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Requires a compromised GoCD agent to exploit. All standard installations with agent-server communication are vulnerable.

📦 What is this software?

Gocd by Thoughtworks

View all CVEs affecting Gocd →

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker could upload malicious scripts or binaries to critical system directories, potentially leading to remote code execution, data exfiltration, or complete server compromise.

🟠

Likely Case

Attackers could upload malicious files to sensitive directories, enabling persistence, privilege escalation, or lateral movement within the GoCD infrastructure.

🟢

If Mitigated

With proper network segmentation and agent security controls, impact would be limited to the compromised agent's permissions and isolated network segments.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires first compromising a GoCD agent. The vulnerability chain is documented in public research.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 21.3.0 and later

Vendor Advisory: https://www.gocd.org/releases/#21-3-0

Restart Required: Yes

Instructions:

1. Backup your GoCD configuration and data. 2. Download GoCD 21.3.0 or later from official sources. 3. Stop the GoCD service. 4. Install the new version following vendor instructions. 5. Restart the GoCD service. 6. Verify all agents are updated and functioning.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate GoCD agents from sensitive server directories using network controls

Agent Security Hardening

all

Implement strict access controls and monitoring on GoCD agents

🧯 If You Can't Patch

  • Implement strict network segmentation between GoCD agents and servers
  • Enhance monitoring and alerting for unusual file upload activities

🔍 How to Verify

Check if Vulnerable:

Check GoCD server version. If version is below 21.3.0, the system is vulnerable.

Check Version:

gocd-server --version or check server web interface

Verify Fix Applied:

Verify GoCD server version is 21.3.0 or higher and test agent-server file transfer functionality.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file upload patterns from agents
  • Files appearing in unexpected server directories
  • Agent authentication anomalies

Network Indicators:

  • Unusual file transfer patterns between agents and server
  • Unexpected outbound connections from GoCD server

SIEM Query:

source="gocd" AND (event="file_upload" OR event="agent_communication") AND status="unusual"

📊 Metadata

CVE ID: CVE-2021-43289
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CWE: CWE-22
Published: April 14, 2022
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-43289, you might also want to check these:

CVE-2024-43955 10.0

CVE-2024-43955 is an unauthenticated path traversal vulnerability in the Droip WordPress plugin that...

Same vulnerability type (CWE-22)
CVE-2025-54261 10.0

This critical path traversal vulnerability in Adobe ColdFusion allows attackers to escape restricted...

Same vulnerability type (CWE-22)
CVE-2024-40628 10.0

This critical vulnerability in JumpServer allows attackers to read arbitrary files from the Celery c...

Same vulnerability type (CWE-22)