CVE-2022-29182 – DOM-based XSS in GoCD
https://notcve.org/view.php?id=CVE-2022-29182
GoCD is a continuous delivery server. GoCD versions 19.11.0 through 21.4.0 (inclusive) are vulnerable to a Document Object Model (DOM)-based cross-site scripting attack via a pipeline run's Stage Details > Graphs tab. It is possible for a malicious script on an attacker-hosted site to execute script that will run within the user's browser context and GoCD session via abuse of a messaging channel used for communication between the parent page and the stage details graph's iframe. This could allow an attacker to steal a GoCD user's session cookies and/or execute malicious code in the user's context. This issue is fixed in GoCD 22.1.0. • https://github.com/gocd/gocd/pull/10190/commits/a256d05de1445e6c77843f098581fc6a66fe4477 https://github.com/gocd/gocd/releases/tag/22.1.0 https://github.com/gocd/gocd/security/advisories/GHSA-qcg6-4q44-3589 https://www.gocd.org/releases/#22-1-0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-43286
https://notcve.org/view.php?id=CVE-2021-43286
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker with privileges to create a new pipeline on a GoCD server can abuse a command-line injection in the Git URL "Test Connection" feature to execute arbitrary code. • https://blog.sonarsource.com/gocd-vulnerability-chain https://github.com/gocd/gocd/commit/2b77b533abcbb79c8fc758dec9984305dc1ade42 https://github.com/gocd/gocd/commit/6fa9fb7a7c91e760f1adc2593acdd50f2d78676b https://www.gocd.org/releases/#21-3-0 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-43288
https://notcve.org/view.php?id=CVE-2021-43288
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker in control of a GoCD Agent can plant malicious JavaScript into a failed Job Report. • https://blog.sonarsource.com/gocd-vulnerability-chain https://github.com/gocd/gocd/commit/f5c1d2aa9ab302a97898a6e4b16218e64fe8e9e4 https://www.gocd.org/releases/#21-3-0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-43289
https://notcve.org/view.php?id=CVE-2021-43289
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into an arbitrary directory of a GoCD server, but does not control the filename. • https://blog.sonarsource.com/gocd-vulnerability-chain https://github.com/gocd/gocd/commit/4c4bb4780eb0d3fc4cacfc4cfcc0b07e2eaf0595 https://github.com/gocd/gocd/commit/c22e0428164af25d3e91baabd3f538a41cadc82f https://www.gocd.org/releases/#21-3-0 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-43290
https://notcve.org/view.php?id=CVE-2021-43290
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into a directory of a GoCD server. They can control the filename, but the directory is placed inside of a directory that they can't control. • https://blog.sonarsource.com/gocd-vulnerability-chain https://github.com/gocd/gocd/commit/4c4bb4780eb0d3fc4cacfc4cfcc0b07e2eaf0595 https://github.com/gocd/gocd/commit/c22e0428164af25d3e91baabd3f538a41cadc82f https://www.gocd.org/releases/#21-3-0 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')