📦 GoCD
by Thoughtworks
⚠️ Known Vulnerabilities
This vulnerability allows an attacker who has compromised a GoCD agent to upload malicious files to a GoCD server directory. While they can control the filename, the directory location is restricted. ...
CVE-2021-44659 is a Server-Side Request Forgery (SSRF) vulnerability in GoCD server version 21.3.0 that allows authenticated administrators to abuse pipeline creation functionality to make unintended ...
GoCD versions 16.7.0 through 24.4.0 contain an XML External Entity (XXE) injection vulnerability in a hidden configuration repository feature. This allows GoCD administrators to execute XXE attacks wh...
GoCD versions before 24.5.0 contain an XML External Entity (XXE) vulnerability that allows group administrators to inject malicious XML when editing pipeline configurations. This could lead to server-...
This vulnerability allows an attacker who has compromised a GoCD agent to upload malicious files to arbitrary directories on the GoCD server, though they cannot control the filename. This affects all ...
CVE-2021-43287 is a critical information disclosure vulnerability in ThoughtWorks GoCD's business continuity add-on. Unauthenticated attackers can exploit this flaw to access all secrets stored on the...
CVE-2021-25924 is a Cross-Site Request Forgery vulnerability in GoCD's backup configuration endpoint that allows attackers to trick authenticated users into executing unauthorized actions. When exploi...
GoCD versions 20.5.0 through 23.1.0 can leak database credentials in admin alerts when backups are enabled but required database dump utilities are missing. This affects administrators who have miscon...