cvebase

Thoughtworks Gocd vulnerabilities

23 known vulnerabilities affecting thoughtworks/gocd.

Total CVEs: 23
CISA KEV: 0
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 2, HIGH 9, MEDIUM 11, LOW 1

Vulnerabilities

Page 2 of 2
CVE-2022-36088 | P4 | MEDIUM | CVSS 5.5 | fixed in 22.2.0 | 2022-09-07
CVE-2022-36088 [MEDIUM] CWE-269: GoCD is a continuous delivery server. Windows installations via either the server or agent installers for GoCD prior to 22.2.0 do not adequately restrict permissions when installing outside of the default location. This could allow a malicious user with local access to the server GoCD Server or Agent are installed on to modify executables or compone
Source: NVD
CVE-2023-28630 | P4 | MEDIUM | CVSS 4.4 | ≥ 20.5.0, < 23.1.0 | 2023-03-27
CVE-2023-28630 [MEDIUM] CWE-532: GoCD is an open source continuous delivery server. In GoCD versions from 20.5.0 and below 23.1.0, if the server environment is not correctly configured by administrators to provide access to the relevant PostgreSQL or MySQL backup tools, the credentials for database access may be unintentionally leaked to admin alerts on the GoCD user interface. The
Source: NVD
CVE-2024-56321 | P4 | LOW | CVSS 3.8 | ≥ 18.9.0, < 24.5.0 | 2025-01-03
CVE-2024-56321 [LOW] CWE-20: GoCD is a continuous delivery server. GoCD versions 18.9.0 through 24.4.0 (inclusive) can allow GoCD admins to abuse the backup configuration "post-backup script" feature to potentially execute arbitrary scripts on the hosting server or container as GoCD's user, rather than pre-configured scripts. In practice the impact of this vulnerability is limited, a
Source: NVD