Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Malicious agent may be able to impersonate another agent in GoCD
Vulnerability Description
GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 can allow one authenticated agent to impersonate another agent, and thus receive work packages for other agents due to broken access control and incorrect validation of agent tokens within the GoCD server. Since work packages can contain sensitive information such as credentials intended only for a given job running against a specific agent environment, this can cause accidental information disclosure. Exploitation requires knowledge of agent identifiers and ability to authenticate as an existing agent with the GoCD server. This issue is fixed in GoCD version 21.1.0. There are currently no known workarounds.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
访问控制不恰当
Vulnerability Title
GoCD 安全漏洞
Vulnerability Description
GoCD是一个持续交付服务器。 GoCD 19.2.0到19.11.0版本存在安全漏洞,该漏洞源于允许一个经过身份验证的代理冒充另一个代理,从而导致访问控制中断和 GoCD 服务器中代理令牌验证不正确而接收其他代理的工作包,攻击者利用该漏洞可以获取GoCD 服务器敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A