Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

gocd — Vulnerabilities & Security Advisories 17

All 17 CVE vulnerabilities found in gocd, with AI-generated Chinese analysis, references, and POCs.

Vendor: n/a

CVE IDTitleCVSSSeverityPublished
CVE-2024-56324 GoCD vulnerable to XXE injection via abuse of pipeline XML "snippet" editing by group admins CWE-611 6.5 -2025-01-03
CVE-2024-56322 GoCD vulnerable to XXE injection via abuse of unused XML configuration repository functionality CWE-611 6.7 -2025-01-03
CVE-2024-56321 GoCD can allow malicious GoCD admins to abuse backup configuration to gain additional host access CWE-20 3.8 Low2025-01-03
CVE-2024-56320 GoCD vulnerable to admin privilege escalation by a malicious internal/existing authenticated user CWE-285 8.8 -2025-01-03
CVE-2024-28866 GoCD vulnerable to reflected Cross-site Scripting possible on server loading page during start-up CWE-79 3.1 Low2024-05-13
CVE-2023-28629 Stored XSS possible on VSM and Job Details pages via malicious pipeline label configuration in gocd CWE-79 5.4 Medium2023-03-27
CVE-2023-28630 Sensitive information disclosure possible on misconfigured failed backups of non-H2 databases in gocd CWE-532 4.2 Medium2023-03-27
CVE-2022-39310 Malicious agent may be able to impersonate another agent in GoCD CWE-284 4.9 Medium2022-10-14
CVE-2022-39311 Compromised agents may be able to execute remote code on GoCD Server CWE-502 9.1 Critical2022-10-14
CVE-2022-39309 GoCD server secret encryption/decryption key leaked to agents during material serialization CWE-200 4.9 Medium2022-10-14
CVE-2022-39308 GoCD API authentication of user access tokens subject to timing attack during comparison CWE-208 6.5 Medium2022-10-14
CVE-2022-36088 GoCD Windows installations outside default location inadequately restrict installation file permissions CWE-284 5.0 Medium2022-09-07
CVE-2022-29184 Command Injection/Argument Injection in GoCD CWE-77 8.8 High2022-05-20
CVE-2022-29183 Reflected XSS in GoCD CWE-79 4.3 Medium2022-05-20
CVE-2022-29182 DOM-based XSS in GoCD CWE-79 4.3 Medium2022-05-20
CVE-2022-24832 Bundled ldap-authentication-plugin fails to neutralise LDAP special elements in usernames CWE-74 8.2 High2022-04-11
CVE-2021-25924 Aravind SV gocd 跨站请求伪造漏洞 8.8 -2021-04-01

All 17 known CVE vulnerabilities affecting gocd with full Chinese analysis, references, and POCs where available.