Authorization bypass in GoCD

CVE-2024-56320

GoCD is a continuous delivery server. GoCD versions prior to 24.5.0 are vulnerable to admin privilege escalation due to improper authorization of access to the admin "Configuration XML" UI feature, and its associated API. A malicious inside…
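A practical first triage step for this advisory is to compare the version a GoCD server reports against the fixed release. The script below is an added example, not GoCD project code and not part of this record: it parses the JSON body returned by GoCD's version API (GET /go/api/version with Accept: application/vnd.go.cd.v1+json) and flags any version below 24.5.0 as affected. The embedded sample response is constructed, not captured from a real server, and https://ci.example.com is a placeholder host.

```python
"""Check a GoCD server's reported version against the CVE-2024-56320 fix (24.5.0).

Added example, not GoCD project code. Works offline on the constructed
SAMPLE_VERSION_JSON below; pass a base URL as argv[1] to query a live server.
"""
import json
import re
import sys
import urllib.request

# First release that contains the fix, per the advisory text.
FIXED_VERSION = (24, 5, 0)


def parse_version(version: str) -> tuple:
    """Reduce a GoCD version string to a (major, minor, patch) tuple.

    Accepts plain '24.4.0' as well as strings with a trailing build suffix
    such as '24.5.0-12345'; anything else is rejected rather than guessed.
    """
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised GoCD version string: {version!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(version: str) -> bool:
    """True when the server runs a release older than 24.5.0."""
    return parse_version(version) < FIXED_VERSION


def assess(version_json: str) -> dict:
    """Evaluate a version API response body and return a small verdict record."""
    data = json.loads(version_json)
    version = data["version"]
    return {
        "version": version,
        "affected": is_affected(version),
        "fixed_in": ".".join(str(n) for n in FIXED_VERSION),
    }


def fetch_version_json(base_url: str, timeout: float = 10.0) -> str:
    """Fetch the version document from a live server (unauthenticated endpoint)."""
    req = urllib.request.Request(
        base_url.rstrip("/") + "/go/api/version",
        headers={"Accept": "application/vnd.go.cd.v1+json"},
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


# Constructed sample in the shape of the version API response; the build
# number, git SHA and host are placeholders, not values from a real server.
SAMPLE_VERSION_JSON = json.dumps({
    "_links": {"self": {"href": "https://ci.example.com/go/api/version"}},
    "version": "24.4.0",
    "build_number": "10000",
    "git_sha": "0000000000000000000000000000000000000000",
    "full_version": "24.4.0 (10000-0000000000000000000000000000000000000000)",
    "commit_url": "https://github.com/gocd/gocd/commits/0000000000000000000000000000000000000000",
})


if __name__ == "__main__":
    body = fetch_version_json(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_VERSION_JSON
    print(json.dumps(assess(body), indent=2))
```

Comparing only the numeric major.minor.patch triple is deliberate: GoCD's full_version carries a build number and commit hash that say nothing about whether the fix is present, so the script discards them instead of attempting a string comparison on the whole value.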

EPSS: 0.007 (49.1 percentile), i.e. an estimated probability of roughly 0.7% that this vulnerability sees exploitation activity in the wild within the next 30 days.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. Decoded: reachable over the network, low attack complexity, requires only a low-privileged authenticated account (PR:L, consistent with the insider scenario in the description), no user interaction, unchanged scope, and high impact on confidentiality, integrity and availability.

Affected products

GoCD versions prior to 24.5.0; fixed in 24.5.0.

Weakness classification (CWE)

Improper Authorization (CWE-285).

Frequently asked questions

What is CVE-2024-56320?
CVE-2024-56320 is a high-severity vulnerability in GoCD, classified under Improper Authorization. CVSS v3 base score: 8.8/10. Published 2025-01-03.
How severe is CVE-2024-56320?
High severity. CVSS v3 base score is 8.8 out of 10.