Description

Due to a vulnerability in Business Continuity add-on of GoCD, an attacker can access sensitive information and takeover of the server..

Remediation

Upgrade to the latest version of GoCD

References

Pre-Auth Takeover of Build Pipelines in GoCD

Related Vulnerabilities

Consul API publicly exposed

WordPress Plugin Unyson Information Disclosure (2.7.18)

WordPress Plugin Image Export Arbitrary File Download (1.1.0)

Apache Tomcat version older than 4.1.37

WordPress Plugin Slideshow Gallery LITE Multiple Vulnerabilities (1.5.1)

Severity

High

Classification

CVE-2021-43287 CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Configuration