Privilege escalation in GoCD
CVE-2022-36088
GoCD is a continuous delivery server. Windows installations via either the server or agent installers for GoCD prior to 22.2.0 do not adequately restrict permissions when installing outside of the default location. This could allow a malic…
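The practical check that follows from this description is whether the directory GoCD was installed into lets non-administrators write to the files its Windows service runs. The PowerShell below is an added example, not code from the GoCD project or its advisory: it reads the directory ACL and flags Allow entries that grant write, modify or ownership rights to low-privilege well-known principals. The default path value, the principal list and the rights mask are assumptions; pass the real install directory as `-InstallDir`.

```powershell
# Added example (not from the GoCD project or the advisory): audit the ACL of a
# GoCD install directory on Windows for entries that let non-administrators
# modify service files. Run from an elevated or at least read-capable shell.
param(
    # Assumption: a non-default install location; replace with the real path.
    [string]$InstallDir = 'D:\GoCD\Server'
)

# Assumption: low-privilege principals whose write access to service binaries
# would let any local user tamper with what the service later executes.
$lowPrivPrincipals = @(
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'Everyone'
)

# Rights that allow creating, changing, replacing or re-permissioning files.
$writeRights = [System.Security.AccessControl.FileSystemRights]::Write -bor
               [System.Security.AccessControl.FileSystemRights]::Modify -bor
               [System.Security.AccessControl.FileSystemRights]::FullControl -bor
               [System.Security.AccessControl.FileSystemRights]::WriteData -bor
               [System.Security.AccessControl.FileSystemRights]::AppendData -bor
               [System.Security.AccessControl.FileSystemRights]::TakeOwnership -bor
               [System.Security.AccessControl.FileSystemRights]::ChangePermissions

if (-not (Test-Path -LiteralPath $InstallDir)) {
    throw "Install directory not found: $InstallDir"
}

$acl = Get-Acl -LiteralPath $InstallDir

# Keep only Allow ACEs for the listed principals that include any write right.
$weak = $acl.Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    ($lowPrivPrincipals -contains $_.IdentityReference.Value) -and
    (($_.FileSystemRights -band $writeRights) -ne 0)
}

if ($weak) {
    Write-Warning "Weak ACL on $InstallDir : low-privilege principals can modify service files"
    $weak |
        Select-Object IdentityReference, FileSystemRights, IsInherited, InheritanceFlags |
        Format-Table -AutoSize
} else {
    Write-Output "No write access for low-privilege principals on $InstallDir"
}
```

A hit from this check means the directory has the permission shape the advisory describes; the supported fix is upgrading to 22.2.0 or later, and as general hardening (not a step from the advisory) the directory ACL should grant write only to Administrators and SYSTEM. Inherited entries (`IsInherited` true) usually come from the parent drive or folder, so check the parent before assuming the installer set them.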
Vulnerability class: Privilege Escalation
EPSS: 0.002 (12.6th percentile).
CVSS v3 metric
CVSS v3 base score 5.0 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N.
Affected products
- Thoughtworks GoCD, versions before 22.2.0 (Windows server and agent installers, when installed outside the default location)
- Microsoft Windows (platform on which the affected installers run)
Weakness classification (CWE)
- CWE-269: Improper Privilege Management
References (all from the GitHub CNA, security-advisories@github.com; URLs not preserved in this copy)
- Vendor advisory (confirmation; third-party advisory; mitigation)
- Patch (third-party advisory)
- Release notes (third-party advisory)
- Release notes (third-party advisory)
Frequently asked questions
- What is CVE-2022-36088?
- CVE-2022-36088 is a medium-severity vulnerability in GoCD, classified under Improper Privilege Management (CWE-269). CVSS v3.1 base score: 5.0/10. Published 2022-09-07.
- How severe is CVE-2022-36088?
- Medium severity. CVSS v3 base score is 5.0 out of 10.