Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
DOM-based XSS in GoCD
Vulnerability Description
GoCD is a continuous delivery server. GoCD versions 19.11.0 through 21.4.0 (inclusive) are vulnerable to a Document Object Model (DOM)-based cross-site scripting attack via a pipeline run's Stage Details > Graphs tab. It is possible for a malicious script on a attacker-hosted site to execute script that will run within the user's browser context and GoCD session via abuse of a messaging channel used for communication between with the parent page and the stage details graph's iframe. This could allow an attacker to steal a GoCD user's session cookies and/or execute malicious code in the user's context. This issue is fixed in GoCD 22.1.0. There are currently no known workarounds.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
GoCD 跨站脚本漏洞
Vulnerability Description
GoCD是一个持续交付服务器。 GoCD 19.11.0版本至21.4.0版本存在跨站脚本漏洞,该漏洞源于易受基于文档对象模型 (DOM) 的跨站点脚本攻击。攻击者利用该漏洞窃取 GoCD 用户的会话 cookie 并执行恶意代码。
CVSS Information
N/A
Vulnerability Type
N/A