| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-56324 | GoCD vulnerable to XXE injection via abuse of pipeline XML "snippet" editing by group admins | gocd | gocd | Medium | - | 2025-01-03 15:56:52 | Deep Dive |
| CVE-2024-56322 | GoCD vulnerable to XXE injection via abuse of unused XML configuration repository functionality | gocd | gocd | Medium | - | 2025-01-03 15:49:48 | Deep Dive |
| CVE-2024-56321 | GoCD can allow malicious GoCD admins to abuse backup configuration to gain additional host access | gocd | gocd | Low | 3.8 | 2025-01-03 15:41:41 | Deep Dive |
| CVE-2024-56320 | GoCD vulnerable to admin privilege escalation by a malicious internal/existing authenticated user | gocd | gocd | Medium | - | 2025-01-03 15:37:13 | Deep Dive |
| CVE-2024-28866 | GoCD vulnerable to reflected Cross-site Scripting possible on server loading page during start-up | gocd | gocd | Low | 3.1 | 2024-05-13 13:53:31 | Deep Dive |
| CVE-2023-28629 | Stored XSS possible on VSM and Job Details pages via malicious pipeline label configuration in gocd | gocd | gocd | Medium | 5.4 | 2023-03-27 20:36:27 | Deep Dive |
| CVE-2023-28630 | Sensitive information disclosure possible on misconfigured failed backups of non-H2 databases in gocd | gocd | gocd | Medium | 4.2 | 2023-03-27 20:33:49 | Deep Dive |
| CVE-2022-39310 | Malicious agent may be able to impersonate another agent in GoCD | gocd | gocd | Medium | 4.9 | 2022-10-14 00:00:00 | Deep Dive |
| CVE-2022-39311 | Compromised agents may be able to execute remote code on GoCD Server | gocd | gocd | Critical | 9.1 | 2022-10-14 00:00:00 | Deep Dive |
| CVE-2022-39309 | GoCD server secret encryption/decryption key leaked to agents during material serialization | gocd | gocd | Medium | 4.9 | 2022-10-14 00:00:00 | Deep Dive |
| CVE-2022-39308 | GoCD API authentication of user access tokens subject to timing attack during comparison | gocd | gocd | Medium | 6.5 | 2022-10-14 00:00:00 | Deep Dive |
| CVE-2022-36088 | GoCD Windows installations outside default location inadequately restrict installation file permissions | gocd | gocd | Medium | 5.0 | 2022-09-07 22:55:10 | Deep Dive |
| CVE-2022-29184 | Command Injection/Argument Injection in GoCD | gocd | gocd | High | 8.8 | 2022-05-20 19:25:14 | Deep Dive |
| CVE-2022-29183 | Reflected XSS in GoCD | gocd | gocd | Medium | 4.3 | 2022-05-20 19:10:11 | Deep Dive |
| CVE-2022-29182 | DOM-based XSS in GoCD | gocd | gocd | Medium | 4.3 | 2022-05-20 19:05:12 | Deep Dive |
| CVE-2022-24832 | Bundled ldap-authentication-plugin fails to neutralise LDAP special elements in usernames | gocd | gocd | High | 8.2 | 2022-04-11 20:20:18 | Deep Dive |
| CVE-2021-25924 | Aravind SV gocd cross-site request forgery vulnerability | - | gocd | High | - | 2021-04-01 17:58:47 | Deep Dive |