CVE-2021-43287 PoC — ThoughtWorks GoCD Information Disclosure Vulnerability

Source
Associated Vulnerability
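Title: ThoughtWorks GoCD Information Disclosure Vulnerability (CVE-2021-43287)
Description: ThoughtWorks GoCD is a free and open-source CI/CD server from the US company ThoughtWorks. Versions of ThoughtWorks GoCD before 21.3.0 contain a security vulnerability: an attacker who has permission to create new pipelines on the GoCD server can abuse a command-line injection in the Git URL "Test Connection" feature to exploit the vulnerability and execute arbitrary code.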
Description
GoCD contains a critical information disclosure vulnerability whose exploitation allows unauthenticated attackers to leak configuration information including build secrets and encryption keys.
File Snapshot

id: CVE-2021-43287 info: name: Pre-Auth Takeover of Build Pipelines in GoCD author: dhiyaneshDk ...