CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-29183 – Reflected XSS in GoCD
https://notcve.org/view.php?id=CVE-2022-29183
GoCD is a continuous delivery server. GoCD versions 20.2.0 until 21.4.0 are vulnerable to reflected cross-site scripting via abuse of the pipeline comparison function's error handling to render arbitrary HTML into the returned page. This could allow an attacker to trick a victim into executing code which would allow the attacker to operate on, or gain control over the same resources as the victim had access to. This issue is fixed in GoCD 21.4.0. As a workaround, block access to `/go/compare/.*` prior to GoCD Server via a reverse proxy, web application firewall or equivalent, which would prevent use of the pipeline comparison function. • https://github.com/gocd/gocd/pull/9829/commits/bda81084c0401234b168437cf35a63390e3064d1 https://github.com/gocd/gocd/releases/tag/21.4.0 https://github.com/gocd/gocd/security/advisories/GHSA-3vvq-q4qv-x2gf https://www.gocd.org/releases/#21-4-0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-29182 – DOM-based XSS in GoCD
https://notcve.org/view.php?id=CVE-2022-29182
GoCD is a continuous delivery server. GoCD versions 19.11.0 through 21.4.0 (inclusive) are vulnerable to a Document Object Model (DOM)-based cross-site scripting attack via a pipeline run's Stage Details > Graphs tab. It is possible for a malicious script on a attacker-hosted site to execute script that will run within the user's browser context and GoCD session via abuse of a messaging channel used for communication between with the parent page and the stage details graph's iframe. This could allow an attacker to steal a GoCD user's session cookies and/or execute malicious code in the user's context. This issue is fixed in GoCD 22.1.0. • https://github.com/gocd/gocd/pull/10190/commits/a256d05de1445e6c77843f098581fc6a66fe4477 https://github.com/gocd/gocd/releases/tag/22.1.0 https://github.com/gocd/gocd/security/advisories/GHSA-qcg6-4q44-3589 https://www.gocd.org/releases/#22-1-0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2022-24832 – Bundled ldap-authentication-plugin fails to neutralise LDAP special elements in usernames
https://notcve.org/view.php?id=CVE-2022-24832
GoCD is an open source a continuous delivery server. The bundled gocd-ldap-authentication-plugin included with the GoCD Server fails to correctly escape special characters when using the username to construct LDAP queries. While this does not directly allow arbitrary LDAP data exfiltration, it can allow an existing LDAP-authenticated GoCD user with malicious intent to construct and execute malicious queries, allowing them to deduce facts about other users or entries within the LDAP database (e.g alternate fields, usernames, hashed passwords etc) through brute force mechanisms. This only affects users who have a working LDAP authorization configuration enabled on their GoCD server, and only is exploitable by users authenticating using such an LDAP configuration. This issue has been fixed in GoCD 22.1.0, which is bundled with gocd-ldap-authentication-plugin v2.2.0-144. • https://docs.gocd.org/22.1.0/configuration/dev_authentication.html#ldapad-authentication https://github.com/gocd/gocd-ldap-authentication-plugin https://github.com/gocd/gocd-ldap-authentication-plugin/commit/87fa7dac5d899b3960ab48e151881da4793cfcc3 https://github.com/gocd/gocd-ldap-authentication-plugin/releases/tag/v2.2.0-144 https://github.com/gocd/gocd/pull/10244 https://github.com/gocd/gocd/releases/tag/22.1.0 https://github.com/gocd/gocd/security/advisories/GHSA-x5v3-x9qj-mh3h https://w • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2021-44659
https://notcve.org/view.php?id=CVE-2021-44659
Adding a new pipeline in GoCD server version 21.3.0 has a functionality that could be abused to do an un-intended action in order to achieve a Server Side Request Forgery (SSRF). NOTE: the vendor's position is that the observed behavior is not a vulnerability, because the product's design allows an admin to configure outbound requests **EN DISPUTA** La adición de una nueva tubería en GoCD server versión 21.3.0, presenta una funcionalidad que podría ser abusada para realizar una acción no intencionada con el fin de lograr un ataque de tipo Server Side Request Forgery (SSRF). NOTA: la posición del proveedor es que el comportamiento observado no es una vulnerabilidad, porque el diseño del producto permite que un administrador configure las solicitudes de salida • https://github.com/Mesh3l911/CVE-2021-44659 https://github.com/gocd/gocd https://www.gocd.org https://youtu.be/WW_a3znugl0 • CWE-918: Server-Side Request Forgery (SSRF) •