Skip to main content

Gocd

18 CVEs product

Monthly

CVE-2024-56324 LOW PATCH Monitor

GoCD is a continuous deliver server. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE SSRF Information Disclosure Path Traversal Gocd
NVD GitHub
CVSS 4.0
2.1
EPSS
0.1%
CVE-2024-56322 LOW PATCH Monitor

GoCD is a continuous deliver server. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Gocd
NVD GitHub
CVSS 4.0
2.1
EPSS
0.4%
CVE-2024-56321 LOW PATCH Monitor

GoCD is a continuous deliver server. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Gocd
NVD GitHub
CVSS 3.1
3.8
EPSS
0.7%
CVE-2024-56320 CRITICAL PATCH This Week

GoCD is a continuous deliver server. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Privilege Escalation Gocd
NVD GitHub
CVSS 4.0
9.4
EPSS
0.7%
CVE-2024-28866 MEDIUM PATCH This Month

GoCD is a continuous delivery server. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Java Gocd
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-28630 MEDIUM PATCH This Month

GoCD is an open source continuous delivery server. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Information Disclosure PostgreSQL Gocd
NVD GitHub
CVSS 3.1
4.4
EPSS
0.3%
CVE-2023-28629 MEDIUM PATCH This Month

GoCD is an open source continuous delivery server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Gocd
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-39311 HIGH PATCH This Week

GoCD is a continuous delivery server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Deserialization Java Gocd
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2022-39310 MEDIUM PATCH This Month

GoCD is a continuous delivery server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Information Disclosure Gocd
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-39309 MEDIUM PATCH This Month

GoCD is a continuous delivery server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Gocd
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-39308 MEDIUM PATCH This Month

GoCD is a continuous delivery server. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Gocd
NVD GitHub
CVSS 3.1
5.9
EPSS
0.6%
CVE-2022-36088 MEDIUM PATCH This Month

GoCD is a continuous delivery server. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft Privilege Escalation Gocd
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-29184 HIGH PATCH This Week

GoCD is a continuous delivery server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Command Injection Docker Gocd
NVD GitHub
CVSS 3.1
8.8
EPSS
3.6%
CVE-2022-29183 MEDIUM PATCH This Month

GoCD is a continuous delivery server. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Gocd
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-29182 MEDIUM PATCH This Month

GoCD is a continuous delivery server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Gocd
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-24832 MEDIUM PATCH This Month

GoCD is an open source a continuous delivery server. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Information Disclosure Gocd
NVD GitHub
CVSS 3.1
6.8
EPSS
1.6%
CVE-2021-44659 CRITICAL POC Act Now

Adding a new pipeline in GoCD server version 21.3.0 has a functionality that could be abused to do an un-intended action in order to achieve a Server Side Request Forgery (SSRF). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Gocd
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2021-25924 HIGH PATCH This Week

In GoCD, versions 19.6.0 to 21.1.0 are vulnerable to Cross-Site Request Forgery due to missing CSRF protection at the `/go/api/config/backup` endpoint. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Gocd
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
EPSS 0% CVSS 2.1
LOW PATCH Monitor

GoCD is a continuous deliver server. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE SSRF Information Disclosure +2
NVD GitHub
EPSS 0% CVSS 2.1
LOW PATCH Monitor

GoCD is a continuous deliver server. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Gocd
NVD GitHub
EPSS 1% CVSS 3.8
LOW PATCH Monitor

GoCD is a continuous deliver server. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Gocd
NVD GitHub
EPSS 1% CVSS 9.4
CRITICAL PATCH This Week

GoCD is a continuous deliver server. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Privilege Escalation Gocd
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

GoCD is a continuous delivery server. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Java Gocd
NVD GitHub
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

GoCD is an open source continuous delivery server. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Information Disclosure PostgreSQL Gocd
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

GoCD is an open source continuous delivery server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Gocd
NVD GitHub
EPSS 2% CVSS 8.8
HIGH PATCH This Week

GoCD is a continuous delivery server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Deserialization Java +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

GoCD is a continuous delivery server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Information Disclosure Gocd
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

GoCD is a continuous delivery server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Gocd
NVD GitHub
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

GoCD is a continuous delivery server. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Gocd
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

GoCD is a continuous delivery server. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft Privilege Escalation Gocd
NVD GitHub
EPSS 4% CVSS 8.8
HIGH PATCH This Week

GoCD is a continuous delivery server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Command Injection Docker +1
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

GoCD is a continuous delivery server. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Gocd
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

GoCD is a continuous delivery server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Gocd
NVD GitHub
EPSS 2% CVSS 6.8
MEDIUM PATCH This Month

GoCD is an open source a continuous delivery server. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Information Disclosure Gocd
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

Adding a new pipeline in GoCD server version 21.3.0 has a functionality that could be abused to do an un-intended action in order to achieve a Server Side Request Forgery (SSRF). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Gocd
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

In GoCD, versions 19.6.0 to 21.1.0 are vulnerable to Cross-Site Request Forgery due to missing CSRF protection at the `/go/api/config/backup` endpoint. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Gocd
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy