Auth bypass in GoCD
CVE-2024-56320
GoCD is a continuous delivery server. GoCD versions prior to 24.5.0 are vulnerable to admin privilege escalation due to improper authorization of access to the admin "Configuration XML" UI feature and its associated API. A malicious inside…
EPSS: 0.007 (49.1st percentile) — read the EPSS interpretation.
CVSS v3 metrics
CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Affected products
- GoCD — versions < 24.5.0
- Thoughtworks GoCD
Weakness classification (CWE)
- Improper Authorization
References
- security-advisories@github.com (x_refsource_CONFIRM, Vendor Advisory)
- security-advisories@github.com (Patch, x_refsource_MISC)
- security-advisories@github.com (x_refsource_MISC, Release Notes)
Frequently asked questions
- What is CVE-2024-56320?
- CVE-2024-56320 is a high-severity vulnerability in GoCD, classified under Improper Authorization. CVSS score: 8.8/10. Published 2025-01-03.
- How severe is CVE-2024-56320?
- High severity. CVSS v3 base score is 8.8 out of 10.