
CVSS: 7.5 | EPSS: 42% | CPEs: 1 | EXPL: 2

An issue was discovered in ThoughtWorks GoCD before 21.3.0. The business continuity add-on, which is enabled by default, leaks all secrets known to the GoCD server to unauthenticated attackers. • https://github.com/Wrin9/CVE-2021-43287 https://blog.sonarsource.com/gocd-pre-auth-pipeline-takeover https://github.com/gocd/gocd/commit/41abc210ac4e8cfa184483c9ff1c0cc04fb3511c https://www.gocd.org/releases/#21-3-0 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 8.2 | EPSS: 0% | CPEs: 1 | EXPL: 0

GoCD is an open source continuous delivery server. The bundled gocd-ldap-authentication-plugin included with the GoCD Server fails to correctly escape special characters when using the username to construct LDAP queries. While this does not directly allow arbitrary LDAP data exfiltration, it can allow an existing LDAP-authenticated GoCD user with malicious intent to construct and execute malicious queries, allowing them to deduce facts about other users or entries within the LDAP database (e.g. alternate fields, usernames, hashed passwords, etc.) through brute force mechanisms. This only affects users who have a working LDAP authorization configuration enabled on their GoCD server, and is only exploitable by users authenticating using such an LDAP configuration. This issue has been fixed in GoCD 22.1.0, which is bundled with gocd-ldap-authentication-plugin v2.2.0-144. • https://docs.gocd.org/22.1.0/configuration/dev_authentication.html#ldapad-authentication https://github.com/gocd/gocd-ldap-authentication-plugin https://github.com/gocd/gocd-ldap-authentication-plugin/commit/87fa7dac5d899b3960ab48e151881da4793cfcc3 https://github.com/gocd/gocd-ldap-authentication-plugin/releases/tag/v2.2.0-144 https://github.com/gocd/gocd/pull/10244 https://github.com/gocd/gocd/releases/tag/22.1.0 https://github.com/gocd/gocd/security/advisories/GHSA-x5v3-x9qj-mh3h https://w • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 2

**DISPUTED** The functionality for adding a new pipeline in GoCD server version 21.3.0 could be abused to perform an unintended action in order to achieve Server-Side Request Forgery (SSRF). NOTE: the vendor's position is that the observed behavior is not a vulnerability, because the product's design allows an admin to configure outbound requests. • https://github.com/Mesh3l911/CVE-2021-44659 https://github.com/gocd/gocd https://www.gocd.org https://youtu.be/WW_a3znugl0 • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 9.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

GoCD versions 19.6.0 to 21.1.0 are vulnerable to Cross-Site Request Forgery due to missing CSRF protection at the `/go/api/config/backup` endpoint. An attacker can trick a victim into clicking on a malicious link, which could change backup configurations or execute system commands in the post_backup_script field. • https://github.com/gocd/gocd/commit/7d0baab0d361c377af84994f95ba76c280048548 https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25924%2C • CWE-352: Cross-Site Request Forgery (CSRF) •