Vulnerability Details CVE-2021-43288
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker in control of a GoCD Agent can plant malicious JavaScript into a failed Job Report.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.016
EPSS Ranking 80.8%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
- https://blog.sonarsource.com/gocd-vulnerability-chain
- https://github.com/gocd/gocd/commit/f5c1d2aa9ab302a97898a6e4b16218e64fe8e9e4
- https://www.gocd.org/releases/#21-3-0
- https://blog.sonarsource.com/gocd-vulnerability-chain
- https://github.com/gocd/gocd/commit/f5c1d2aa9ab302a97898a6e4b16218e64fe8e9e4
- https://www.gocd.org/releases/#21-3-0
Products affected by CVE-2021-43288
-
cpe:2.3:a:thoughtworks:gocd:14.2.0
-
cpe:2.3:a:thoughtworks:gocd:14.3.0
-
cpe:2.3:a:thoughtworks:gocd:14.4.0
-
cpe:2.3:a:thoughtworks:gocd:15.1.0
-
cpe:2.3:a:thoughtworks:gocd:15.2.0
-
cpe:2.3:a:thoughtworks:gocd:15.3.0
-
cpe:2.3:a:thoughtworks:gocd:15.3.1
-
cpe:2.3:a:thoughtworks:gocd:16.1.0
-
cpe:2.3:a:thoughtworks:gocd:16.10.0
-
cpe:2.3:a:thoughtworks:gocd:16.11.0
-
cpe:2.3:a:thoughtworks:gocd:16.12.0
-
cpe:2.3:a:thoughtworks:gocd:16.2.0
-
cpe:2.3:a:thoughtworks:gocd:16.2.1
-
cpe:2.3:a:thoughtworks:gocd:16.3.0
-
cpe:2.3:a:thoughtworks:gocd:16.4.0
-
cpe:2.3:a:thoughtworks:gocd:16.5.0
-
cpe:2.3:a:thoughtworks:gocd:16.6.0
-
cpe:2.3:a:thoughtworks:gocd:16.7.0
-
cpe:2.3:a:thoughtworks:gocd:16.8.0
-
cpe:2.3:a:thoughtworks:gocd:16.9.0
-
cpe:2.3:a:thoughtworks:gocd:17.1.0
-
cpe:2.3:a:thoughtworks:gocd:17.10.0
-
cpe:2.3:a:thoughtworks:gocd:17.11.0
-
cpe:2.3:a:thoughtworks:gocd:17.12.0
-
cpe:2.3:a:thoughtworks:gocd:17.2.0
-
cpe:2.3:a:thoughtworks:gocd:17.3.0
-
cpe:2.3:a:thoughtworks:gocd:17.4.0
-
cpe:2.3:a:thoughtworks:gocd:17.5.0
-
cpe:2.3:a:thoughtworks:gocd:17.6.0
-
cpe:2.3:a:thoughtworks:gocd:17.7.0
-
cpe:2.3:a:thoughtworks:gocd:17.8.0
-
cpe:2.3:a:thoughtworks:gocd:17.9.0
-
cpe:2.3:a:thoughtworks:gocd:18.1.0
-
cpe:2.3:a:thoughtworks:gocd:18.10.0
-
cpe:2.3:a:thoughtworks:gocd:18.11.0
-
cpe:2.3:a:thoughtworks:gocd:18.12.0
-
cpe:2.3:a:thoughtworks:gocd:18.2.0
-
cpe:2.3:a:thoughtworks:gocd:18.3.0
-
cpe:2.3:a:thoughtworks:gocd:18.4.0
-
cpe:2.3:a:thoughtworks:gocd:18.5.0
-
cpe:2.3:a:thoughtworks:gocd:18.6.0
-
cpe:2.3:a:thoughtworks:gocd:18.7.0
-
cpe:2.3:a:thoughtworks:gocd:18.8.0
-
cpe:2.3:a:thoughtworks:gocd:18.9.0
-
cpe:2.3:a:thoughtworks:gocd:19.1.0
-
cpe:2.3:a:thoughtworks:gocd:19.10.0
-
cpe:2.3:a:thoughtworks:gocd:19.11.0
-
cpe:2.3:a:thoughtworks:gocd:19.12.0
-
cpe:2.3:a:thoughtworks:gocd:19.2.0
-
cpe:2.3:a:thoughtworks:gocd:19.3.0
-
cpe:2.3:a:thoughtworks:gocd:19.4.0
-
cpe:2.3:a:thoughtworks:gocd:19.5.0
-
cpe:2.3:a:thoughtworks:gocd:19.6.0
-
cpe:2.3:a:thoughtworks:gocd:19.7.0
-
cpe:2.3:a:thoughtworks:gocd:19.8.0
-
cpe:2.3:a:thoughtworks:gocd:19.9.0
-
cpe:2.3:a:thoughtworks:gocd:20.1.0
-
cpe:2.3:a:thoughtworks:gocd:20.10.0
-
cpe:2.3:a:thoughtworks:gocd:20.2.0
-
cpe:2.3:a:thoughtworks:gocd:20.3.0
-
cpe:2.3:a:thoughtworks:gocd:20.4.0
-
cpe:2.3:a:thoughtworks:gocd:20.5.0
-
cpe:2.3:a:thoughtworks:gocd:20.6.0
-
cpe:2.3:a:thoughtworks:gocd:20.7.0
-
cpe:2.3:a:thoughtworks:gocd:20.8.0
-
cpe:2.3:a:thoughtworks:gocd:20.9.0
-
cpe:2.3:a:thoughtworks:gocd:21.1.0
-
cpe:2.3:a:thoughtworks:gocd:21.2.0