Every CVE whose affected-product data names Thoughtworks Gocd, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (23)
CVE-2021-43290 — CVSS 9.8 (critical): An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into a…
CVE-2021-44659 — CVSS 9.8 (critical): Adding a new pipeline in GoCD server version 21.3.0 has a functionality that could be abused to do an un-intended action in order to…
CVE-2022-39311 — CVSS 9.1 (critical): GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your…
CVE-2021-25924 — CVSS 8.8 (high): In GoCD, versions 19.6.0 to 21.1.0 are vulnerable to Cross-Site Request Forgery due to missing CSRF protection at the…
CVE-2021-43286 — CVSS 8.8 (high): An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker with privileges to create a new pipeline on a GoCD server can abuse…
CVE-2024-56320 — CVSS 8.8 (high): GoCD is a continuous deliver server. GoCD versions prior to 24.5.0 are vulnerable to admin privilege escalation due to improper…
CVE-2022-29184 — CVSS 8.8 (high): GoCD is a continuous delivery server. In GoCD versions prior to 22.1.0, it is possible for existing authenticated users who have…
CVE-2022-24832 — CVSS 8.2 (high): GoCD is an open source a continuous delivery server. The bundled gocd-ldap-authentication-plugin included with the GoCD Server fails to…
CVE-2021-43289 — CVSS 7.5 (high): An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into…
CVE-2021-43287 — CVSS 7.5 (high): An issue was discovered in ThoughtWorks GoCD before 21.3.0. The business continuity add-on, which is enabled by default, leaks all secrets…
CVE-2024-56322 — CVSS 7.2 (high): GoCD is a continuous deliver server. GoCD versions 16.7.0 through 24.4.0 (inclusive) can allow GoCD admins to abuse a hidden/unused…
CVE-2024-56324 — CVSS 7.1 (high): GoCD is a continuous deliver server. GoCD versions prior to 24.4.0 can allow GoCD "group admins" to abuse ability to edit the raw XML…
CVE-2022-39308 — CVSS 6.5 (medium): GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your…
CVE-2021-43288 — CVSS 5.4 (medium): An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker in control of a GoCD Agent can plant malicious JavaScript into a…
CVE-2023-28629 — CVSS 5.4 (medium): GoCD is an open source continuous delivery server. GoCD versions before 23.1.0 are vulnerable to a stored XSS vulnerability, where pipeline…
CVE-2022-36088 — CVSS 5.0 (medium): GoCD is a continuous delivery server. Windows installations via either the server or agent installers for GoCD prior to 22.2.0 do not…
CVE-2022-39309 — CVSS 4.9 (medium): GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your…
CVE-2022-39310 — CVSS 4.9 (medium): GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your…
CVE-2022-29183 — CVSS 4.3 (medium): GoCD is a continuous delivery server. GoCD versions 20.2.0 until 21.4.0 are vulnerable to reflected cross-site scripting via abuse of the…
CVE-2022-29182 — CVSS 4.3 (medium): GoCD is a continuous delivery server. GoCD versions 19.11.0 through 21.4.0 (inclusive) are vulnerable to a Document Object Model…
CVE-2023-28630 — CVSS 4.2 (medium): GoCD is an open source continuous delivery server. In GoCD versions from 20.5.0 and below 23.1.0, if the server environment is not…
CVE-2024-56321 — CVSS 3.8 (low): GoCD is a continuous deliver server. GoCD versions 18.9.0 through 24.4.0 (inclusive) can allow GoCD admins to abuse the backup…
CVE-2024-28866 — CVSS 3.1 (low): GoCD is a continuous delivery server. GoCD versions from 19.4.0 to 23.5.0 (inclusive) are potentially vulnerable to a reflected cross-site…