CVE: Common Vulnerabilities and Exposures

Required CVE Record Information

Description

An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into an arbitrary directory of a GoCD server, but does not control the filename.

Product Status

Learn more

Information not provided

References 4 Total

https://www.gocd.org/releases/#21-3-0
external site
https://github.com/gocd/gocd/commit/4c4bb4780eb0d3fc4cacfc4cfcc0b07e2eaf0595
external site
https://github.com/gocd/gocd/commit/c22e0428164af25d3e91baabd3f538a41cadc82f
external site
https://blog.sonarsource.com/gocd-vulnerability-chain
external site

Updated: 2024-08-04

This container includes required additional information provided by the CVE Program for this vulnerability.

References 4 Total

https://www.gocd.org/releases/#21-3-0
external site
x_transferred
https://github.com/gocd/gocd/commit/4c4bb4780eb0d3fc4cacfc4cfcc0b07e2eaf0595
external site
x_transferred
https://github.com/gocd/gocd/commit/c22e0428164af25d3e91baabd3f538a41cadc82f
external site
x_transferred
https://blog.sonarsource.com/gocd-vulnerability-chain
external site
x_transferred

Common vulnerabilities and Exposures (CVE)

Required CVE Record Information

CNA: MITRE Corporation

Description

Product Status

References 4 Total

CVE Program

References 4 Total