Thoughtworks Gocd

23 CVEs affecting Thoughtworks Gocd. Latest disclosed: 2025-01-03. Critical: 3, High: 9.

Top CVEs affecting Thoughtworks Gocd
CVE | Severity | Score | Published | Summary
CVE-2021-43290 | Critical | 9.8 | 2022-04-14 | An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into a directory of a GoCD…
CVE-2021-44659 | Critical | 9.8 | 2021-12-22 | Adding a new pipeline in GoCD server version 21.3.0 has a functionality that could be abused to do an unintended action in order to achieve a Server Side Requ…
CVE-2022-39311 | Critical | 9.1 | 2022-10-14 | GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD version…
CVE-2024-56320 | High | 8.8 | 2025-01-03 | GoCD is a continuous delivery server. GoCD versions prior to 24.5.0 are vulnerable to admin privilege escalation due to improper authorization of access to the…
CVE-2022-29184 | High | 8.8 | 2022-05-20 | GoCD is a continuous delivery server. In GoCD versions prior to 22.1.0, it is possible for existing authenticated users who have permissions to edit or create…
CVE-2021-43286 | High | 8.8 | 2022-04-14 | An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker with privileges to create a new pipeline on a GoCD server can abuse a command-line inje…
CVE-2021-25924 | High | 8.8 | 2021-04-01 | In GoCD, versions 19.6.0 to 21.1.0 are vulnerable to Cross-Site Request Forgery due to missing CSRF protection at the `/go/api/config/backup` endpoint. An atta…
CVE-2022-24832 | High | 8.2 | 2022-04-11 | GoCD is an open source continuous delivery server. The bundled gocd-ldap-authentication-plugin included with the GoCD Server fails to correctly escape specia…
CVE-2021-43289 | High | 7.5 | 2022-04-14 | An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into an arbitrary director…
CVE-2021-43287 | High | 7.5 | 2022-04-14 | An issue was discovered in ThoughtWorks GoCD before 21.3.0. The business continuity add-on, which is enabled by default, leaks all secrets known to the GoCD se…
CVE-2024-56322 | High | 7.2 | 2025-01-03 | GoCD is a continuous delivery server. GoCD versions 16.7.0 through 24.4.0 (inclusive) can allow GoCD admins to abuse a hidden/unused configuration repository (p…
CVE-2024-56324 | High | 7.1 | 2025-01-03 | GoCD is a continuous delivery server. GoCD versions prior to 24.4.0 can allow GoCD "group admins" to abuse the ability to edit the raw XML configuration for groups…
CVE-2022-39308 | Medium | 6.5 | 2022-10-14 | GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD version…
CVE-2023-28629 | Medium | 5.4 | 2023-03-27 | GoCD is an open source continuous delivery server. GoCD versions before 23.1.0 are vulnerable to a stored XSS vulnerability, where pipeline configuration with…
CVE-2021-43288 | Medium | 5.4 | 2022-04-14 | An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker in control of a GoCD Agent can plant malicious JavaScript into a failed Job Report.
CVE-2022-36088 | Medium | 5.0 | 2022-09-07 | GoCD is a continuous delivery server. Windows installations via either the server or agent installers for GoCD prior to 22.2.0 do not adequately restrict permi…
CVE-2022-39310 | Medium | 4.9 | 2022-10-14 | GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD version…
CVE-2022-39309 | Medium | 4.9 | 2022-10-14 | GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD version…
CVE-2022-29183 | Medium | 4.3 | 2022-05-20 | GoCD is a continuous delivery server. GoCD versions 20.2.0 until 21.4.0 are vulnerable to reflected cross-site scripting via abuse of the pipeline comparison f…
CVE-2022-29182 | Medium | 4.3 | 2022-05-20 | GoCD is a continuous delivery server. GoCD versions 19.11.0 through 21.4.0 (inclusive) are vulnerable to a Document Object Model (DOM)-based cross-site scripti…