CVE-2021-43287: CVE-2021-43287

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-43287

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

An issue was discovered in ThoughtWorks GoCD before 21.3.0. The business continuity add-on, which is enabled by default, leaks all secrets known to the GoCD server to unauthenticated attackers.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

ThoughtWorks GoCD 信息泄露漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

ThoughtWorks GoCD是美国ThoughtWorks公司的一个免费和开源的 CI/CD 服务器。 ThoughtWorks GoCD 21.3.0之前版本存在安全漏洞，有权在 GoCD 服务器上创建新管道的攻击者可以滥用 Git URL“测试连接”功能中的命令行注入利用该漏洞来执行任意代码。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2021-43287

#	POC Description	Source Link	Shenlong Link
1	CVE-2021-43287_GoCD_fileread_POC_EXP	https://github.com/Wrin9/CVE-2021-43287	POC Details
2	GoCD contains a critical information disclosure vulnerability whose exploitation allows unauthenticated attackers to leak configuration information including build secrets and encryption keys.	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-43287.yaml	POC Details
3	None	https://github.com/Threekiii/Awesome-POC/blob/master/%E4%B8%AD%E9%97%B4%E4%BB%B6%E6%BC%8F%E6%B4%9E/GoCD%20plugin%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E%20CVE-2021-43287.md	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2021-43287

Please Login to view more intelligence information

https://www.gocd.org/releases/#21-3-0x_refsource_MISC
https://github.com/gocd/gocd/commit/41abc210ac4e8cfa184483c9ff1c0cc04fb3511cx_refsource_MISC
https://blog.sonarsource.com/gocd-pre-auth-pipeline-takeoverx_refsource_MISC
https://nvd.nist.gov/vuln/detail/CVE-2021-43287

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2021-43287

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2021-43287

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2021-43287

III. Intelligence Information for CVE-2021-43287

IV. Related Vulnerabilities

V. Comments for CVE-2021-43287

Leave a comment