Vulnerabilities in gocd

16 results
CVE ID         | Severity | Title                                                                                                         | EPSS
CVE-2022-29184 | HIGH     | Command Injection/Argument Injection in GoCD                                                                  | 3.6%
CVE-2022-24832 | HIGH     | Bundled ldap-authentication-plugin fails to neutralise LDAP special elements in usernames                      | 1.6%
CVE-2022-39311 | CRITICAL | Compromised agents may be able to execute remote code on GoCD Server                                          | 1.6%
CVE-2022-29183 | MEDIUM   | Reflected XSS in GoCD                                                                                         | 0.8%
CVE-2022-29182 | MEDIUM   | DOM-based XSS in GoCD                                                                                         | 0.8%
CVE-2022-39309 | MEDIUM   | GoCD server secret encryption/decryption key leaked to agents during material serialization                   | 0.8%
CVE-2024-56324 | LOW      | GoCD vulnerable to XXE injection via abuse of pipeline XML "snippet" editing by group admins                  | 0.8%
CVE-2024-56320 | CRITICAL | GoCD vulnerable to admin privilege escalation by a malicious internal/existing authenticated user             | 0.7%
CVE-2024-56322 | LOW      | GoCD vulnerable to XXE injection via abuse of unused XML configuration repository functionality               | 0.7%
CVE-2022-39308 | MEDIUM   | GoCD API authentication of user access tokens subject to timing attack during comparison                      | 0.6%
CVE-2022-39310 | MEDIUM   | Malicious agent may be able to impersonate another agent in GoCD                                              | 0.6%
CVE-2024-56321 | LOW      | GoCD can allow malicious GoCD admins to abuse backup configuration to gain additional host access             | 0.5%
CVE-2023-28629 | MEDIUM   | Stored XSS possible on VSM and Job Details pages via malicious pipeline label configuration in gocd           | 0.5%
CVE-2024-28866 | LOW      | GoCD vulnerable to reflected Cross-site Scripting possible on server loading page during start-up             | 0.4%
CVE-2023-28630 | MEDIUM   | Sensitive information disclosure possible on misconfigured failed backups of non-H2 databases in gocd         | 0.3%
CVE-2022-36088 | MEDIUM   | GoCD Windows installations outside default location inadequately restrict installation file permissions      | 0.2%