gocd — Vulnerabilities & Security Advisories 16

Browse all 16 CVE security advisories affecting gocd. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by gocd:gocd
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2024-56324 | GoCD vulnerable to XXE injection via abuse of pipeline XML "snippet" editing by group admins — gocd | CWE-611 | 6.5 | - | 2025-01-03 |
| CVE-2024-56322 | GoCD vulnerable to XXE injection via abuse of unused XML configuration repository functionality — gocd | CWE-611 | 6.7 | - | 2025-01-03 |
| CVE-2024-56321 | GoCD can allow malicious GoCD admins to abuse backup configuration to gain additional host access — gocd | CWE-20 | 3.8 | Low | 2025-01-03 |
| CVE-2024-56320 | GoCD vulnerable to admin privilege escalation by a malicious internal/existing authenticated user — gocd | CWE-285 | 8.8 | - | 2025-01-03 |
| CVE-2024-28866 | GoCD vulnerable to reflected Cross-site Scripting possible on server loading page during start-up — gocd | CWE-79 | 3.1 | Low | 2024-05-13 |
| CVE-2023-28629 | Stored XSS possible on VSM and Job Details pages via malicious pipeline label configuration in gocd — gocd | CWE-79 | 5.4 | Medium | 2023-03-27 |
| CVE-2023-28630 | Sensitive information disclosure possible on misconfigured failed backups of non-H2 databases in gocd — gocd | CWE-532 | 4.2 | Medium | 2023-03-27 |
| CVE-2022-39308 | GoCD API authentication of user access tokens subject to timing attack during comparison — gocd | CWE-208 | 6.5 | Medium | 2022-10-14 |
| CVE-2022-39309 | GoCD server secret encryption/decryption key leaked to agents during material serialization — gocd | CWE-200 | 4.9 | Medium | 2022-10-14 |
| CVE-2022-39310 | Malicious agent may be able to impersonate another agent in GoCD — gocd | CWE-284 | 4.9 | Medium | 2022-10-14 |
| CVE-2022-39311 | Compromised agents may be able to execute remote code on GoCD Server — gocd | CWE-502 | 9.1 | Critical | 2022-10-14 |
| CVE-2022-36088 | GoCD Windows installations outside default location inadequately restrict installation file permissions — gocd | CWE-284 | 5.0 | Medium | 2022-09-07 |
| CVE-2022-29184 | Command Injection/Argument Injection in GoCD — gocd | CWE-77 | 8.8 | High | 2022-05-20 |
| CVE-2022-29183 | Reflected XSS in GoCD — gocd | CWE-79 | 4.3 | Medium | 2022-05-20 |
| CVE-2022-29182 | DOM-based XSS in GoCD — gocd | CWE-79 | 4.3 | Medium | 2022-05-20 |
| CVE-2022-24832 | Bundled ldap-authentication-plugin fails to neutralise LDAP special elements in usernames — gocd | CWE-74 | 8.2 | High | 2022-04-11 |

This page lists every published CVE security advisory associated with gocd. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.