Thoughtworks: >> Gocd >> 16.4.0 Security Vulnerabilities
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into an arbitrary directory of a GoCD server, but does not control the filename.
CVSS Score
7.5
EPSS Score
0.034
Published
2022-04-14
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into a directory of a GoCD server. They can control the filename but the directory is placed inside of a directory that they can't control.
CVSS Score
9.8
EPSS Score
0.047
Published
2022-04-14
An issue was discovered in ThoughtWorks GoCD before 21.3.0. The business continuity add-on, which is enabled by default, leaks all secrets known to the GoCD server to unauthenticated attackers.
CVSS Score
7.5
EPSS Score
0.898
Published
2022-04-14
Page 2