Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Reflected XSS in GoCD
Vulnerability Description
GoCD is a continuous delivery server. GoCD versions 20.2.0 until 21.4.0 are vulnerable to reflected cross-site scripting via abuse of the pipeline comparison function's error handling to render arbitrary HTML into the returned page. This could allow an attacker to trick a victim into executing code which would allow the attacker to operate on, or gain control over the same resources as the victim had access to. This issue is fixed in GoCD 21.4.0. As a workaround, block access to `/go/compare/.*` prior to GoCD Server via a reverse proxy, web application firewall or equivalent, which would prevent use of the pipeline comparison function.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
GoCD 跨站脚本漏洞
Vulnerability Description
GoCD是一个持续交付服务器。 GoCD 20.2.0版本至21.4.0版本存在跨站脚本漏洞,该漏洞源于通过滥用函数将任意 HTML 呈现到返回的页面中,容易受到反射的跨站点脚本的攻击。攻击者利用该漏洞诱骗受害者执行代码,从而操作或控制受害者有权访问的相同资源。
CVSS Information
N/A
Vulnerability Type
N/A