Description

Due to a vulnerability in Business Continuity add-on of GoCD, an attacker can access sensitive information and takeover of the server..

Remediation

Upgrade to the latest version of GoCD

References

Pre-Auth Takeover of Build Pipelines in GoCD

Related Vulnerabilities

ColdFusion Request Debugging information disclosure

WordPress Plugin Advanced Custom Fields (ACF) Information Disclosure (6.0.2)

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6612)

Cloud metadata publicly exposed

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-6830)

Severity

High

Classification

CVE-2021-43287 CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Configuration