Privilege escalation in GoCD

CVE-2022-36088

GoCD is a continuous delivery server. Windows installations via either the server or agent installers for GoCD prior to 22.2.0 do not adequately restrict permissions when installing outside of the default location. This could allow a malic…

Vulnerability class: Privilege Escalation

EPSS: 0.002 (12.6th percentile).

CVSS v3 metric

CVSS v3 base score 5.0 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N.

Frequently asked questions

What is CVE-2022-36088?
CVE-2022-36088 is a medium-severity vulnerability in GoCD, classified under Improper Privilege Management. CVSS score: 5.0/10. Published 2022-09-07.
How severe is CVE-2022-36088?
Medium severity. The CVSS v3 base score is 5.0 out of 10.