Vulnerability Details CVE-2021-43287
An issue was discovered in ThoughtWorks GoCD before 21.3.0. The business continuity add-on, which is enabled by default, leaks all secrets known to the GoCD server to unauthenticated attackers.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.898
EPSS Ranking 99.5%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://blog.sonarsource.com/gocd-pre-auth-pipeline-takeover
- https://github.com/gocd/gocd/commit/41abc210ac4e8cfa184483c9ff1c0cc04fb3511c
- https://www.gocd.org/releases/#21-3-0
- https://blog.sonarsource.com/gocd-pre-auth-pipeline-takeover
- https://github.com/gocd/gocd/commit/41abc210ac4e8cfa184483c9ff1c0cc04fb3511c
- https://www.gocd.org/releases/#21-3-0
Products affected by CVE-2021-43287
-
cpe:2.3:a:thoughtworks:gocd:14.2.0
-
cpe:2.3:a:thoughtworks:gocd:14.3.0
-
cpe:2.3:a:thoughtworks:gocd:14.4.0
-
cpe:2.3:a:thoughtworks:gocd:15.1.0
-
cpe:2.3:a:thoughtworks:gocd:15.2.0
-
cpe:2.3:a:thoughtworks:gocd:15.3.0
-
cpe:2.3:a:thoughtworks:gocd:15.3.1
-
cpe:2.3:a:thoughtworks:gocd:16.1.0
-
cpe:2.3:a:thoughtworks:gocd:16.10.0
-
cpe:2.3:a:thoughtworks:gocd:16.11.0
-
cpe:2.3:a:thoughtworks:gocd:16.12.0
-
cpe:2.3:a:thoughtworks:gocd:16.2.0
-
cpe:2.3:a:thoughtworks:gocd:16.2.1
-
cpe:2.3:a:thoughtworks:gocd:16.3.0
-
cpe:2.3:a:thoughtworks:gocd:16.4.0
-
cpe:2.3:a:thoughtworks:gocd:16.5.0
-
cpe:2.3:a:thoughtworks:gocd:16.6.0
-
cpe:2.3:a:thoughtworks:gocd:16.7.0
-
cpe:2.3:a:thoughtworks:gocd:16.8.0
-
cpe:2.3:a:thoughtworks:gocd:16.9.0
-
cpe:2.3:a:thoughtworks:gocd:17.1.0
-
cpe:2.3:a:thoughtworks:gocd:17.10.0
-
cpe:2.3:a:thoughtworks:gocd:17.11.0
-
cpe:2.3:a:thoughtworks:gocd:17.12.0
-
cpe:2.3:a:thoughtworks:gocd:17.2.0
-
cpe:2.3:a:thoughtworks:gocd:17.3.0
-
cpe:2.3:a:thoughtworks:gocd:17.4.0
-
cpe:2.3:a:thoughtworks:gocd:17.5.0
-
cpe:2.3:a:thoughtworks:gocd:17.6.0
-
cpe:2.3:a:thoughtworks:gocd:17.7.0
-
cpe:2.3:a:thoughtworks:gocd:17.8.0
-
cpe:2.3:a:thoughtworks:gocd:17.9.0
-
cpe:2.3:a:thoughtworks:gocd:18.1.0
-
cpe:2.3:a:thoughtworks:gocd:18.10.0
-
cpe:2.3:a:thoughtworks:gocd:18.11.0
-
cpe:2.3:a:thoughtworks:gocd:18.12.0
-
cpe:2.3:a:thoughtworks:gocd:18.2.0
-
cpe:2.3:a:thoughtworks:gocd:18.3.0
-
cpe:2.3:a:thoughtworks:gocd:18.4.0
-
cpe:2.3:a:thoughtworks:gocd:18.5.0
-
cpe:2.3:a:thoughtworks:gocd:18.6.0
-
cpe:2.3:a:thoughtworks:gocd:18.7.0
-
cpe:2.3:a:thoughtworks:gocd:18.8.0
-
cpe:2.3:a:thoughtworks:gocd:18.9.0
-
cpe:2.3:a:thoughtworks:gocd:19.1.0
-
cpe:2.3:a:thoughtworks:gocd:19.10.0
-
cpe:2.3:a:thoughtworks:gocd:19.11.0
-
cpe:2.3:a:thoughtworks:gocd:19.12.0
-
cpe:2.3:a:thoughtworks:gocd:19.2.0
-
cpe:2.3:a:thoughtworks:gocd:19.3.0
-
cpe:2.3:a:thoughtworks:gocd:19.4.0
-
cpe:2.3:a:thoughtworks:gocd:19.5.0
-
cpe:2.3:a:thoughtworks:gocd:19.6.0
-
cpe:2.3:a:thoughtworks:gocd:19.7.0
-
cpe:2.3:a:thoughtworks:gocd:19.8.0
-
cpe:2.3:a:thoughtworks:gocd:19.9.0
-
cpe:2.3:a:thoughtworks:gocd:20.1.0
-
cpe:2.3:a:thoughtworks:gocd:20.10.0
-
cpe:2.3:a:thoughtworks:gocd:20.2.0
-
cpe:2.3:a:thoughtworks:gocd:20.3.0
-
cpe:2.3:a:thoughtworks:gocd:20.4.0
-
cpe:2.3:a:thoughtworks:gocd:20.5.0
-
cpe:2.3:a:thoughtworks:gocd:20.6.0
-
cpe:2.3:a:thoughtworks:gocd:20.7.0
-
cpe:2.3:a:thoughtworks:gocd:20.8.0
-
cpe:2.3:a:thoughtworks:gocd:20.9.0
-
cpe:2.3:a:thoughtworks:gocd:21.1.0
-
cpe:2.3:a:thoughtworks:gocd:21.2.0