ThoughtWorks GoCD
23 CVEs affecting ThoughtWorks GoCD. Latest disclosed: 2025-01-03. Critical: 3, High: 9.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2021-43290 | Critical | 9.8 | 2022-04-14 | An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into a directory of a GoCD… |
| CVE-2021-44659 | Critical | 9.8 | 2021-12-22 | Adding a new pipeline in GoCD server version 21.3.0 has a functionality that could be abused to do an unintended action in order to achieve a Server Side Requ… |
| CVE-2022-39311 | Critical | 9.1 | 2022-10-14 | GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD version… |
| CVE-2024-56320 | High | 8.8 | 2025-01-03 | GoCD is a continuous delivery server. GoCD versions prior to 24.5.0 are vulnerable to admin privilege escalation due to improper authorization of access to the… |
| CVE-2022-29184 | High | 8.8 | 2022-05-20 | GoCD is a continuous delivery server. In GoCD versions prior to 22.1.0, it is possible for existing authenticated users who have permissions to edit or create… |
| CVE-2021-43286 | High | 8.8 | 2022-04-14 | An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker with privileges to create a new pipeline on a GoCD server can abuse a command-line inje… |
| CVE-2021-25924 | High | 8.8 | 2021-04-01 | In GoCD, versions 19.6.0 to 21.1.0 are vulnerable to Cross-Site Request Forgery due to missing CSRF protection at the `/go/api/config/backup` endpoint. An atta… |
| CVE-2022-24832 | High | 8.2 | 2022-04-11 | GoCD is an open source continuous delivery server. The bundled gocd-ldap-authentication-plugin included with the GoCD Server fails to correctly escape specia… |
| CVE-2021-43289 | High | 7.5 | 2022-04-14 | An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into an arbitrary director… |
| CVE-2021-43287 | High | 7.5 | 2022-04-14 | An issue was discovered in ThoughtWorks GoCD before 21.3.0. The business continuity add-on, which is enabled by default, leaks all secrets known to the GoCD se… |
| CVE-2024-56322 | High | 7.2 | 2025-01-03 | GoCD is a continuous delivery server. GoCD versions 16.7.0 through 24.4.0 (inclusive) can allow GoCD admins to abuse a hidden/unused configuration repository (p… |
| CVE-2024-56324 | High | 7.1 | 2025-01-03 | GoCD is a continuous delivery server. GoCD versions prior to 24.4.0 can allow GoCD "group admins" to abuse the ability to edit the raw XML configuration for groups… |
| CVE-2022-39308 | Medium | 6.5 | 2022-10-14 | GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD version… |
| CVE-2023-28629 | Medium | 5.4 | 2023-03-27 | GoCD is an open source continuous delivery server. GoCD versions before 23.1.0 are vulnerable to a stored XSS vulnerability, where pipeline configuration with… |
| CVE-2021-43288 | Medium | 5.4 | 2022-04-14 | An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker in control of a GoCD Agent can plant malicious JavaScript into a failed Job Report. |
| CVE-2022-36088 | Medium | 5.0 | 2022-09-07 | GoCD is a continuous delivery server. Windows installations via either the server or agent installers for GoCD prior to 22.2.0 do not adequately restrict permi… |
| CVE-2022-39310 | Medium | 4.9 | 2022-10-14 | GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD version… |
| CVE-2022-39309 | Medium | 4.9 | 2022-10-14 | GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD version… |
| CVE-2022-29183 | Medium | 4.3 | 2022-05-20 | GoCD is a continuous delivery server. GoCD versions 20.2.0 until 21.4.0 are vulnerable to reflected cross-site scripting via abuse of the pipeline comparison f… |
| CVE-2022-29182 | Medium | 4.3 | 2022-05-20 | GoCD is a continuous delivery server. GoCD versions 19.11.0 through 21.4.0 (inclusive) are vulnerable to a Document Object Model (DOM)-based cross-site scripti… |