An issue was discovered in ThoughtWorks GoCD before 21.3.0. The business continuity add-on, which is enabled by default, leaks all secrets known to the GoCD server to unauthenticated attackers.
References
| Link | Resource |
|---|---|
| https://blog.sonarsource.com/gocd-pre-auth-pipeline-takeover | Exploit, Patch, Third Party Advisory |
| https://github.com/gocd/gocd/commit/41abc210ac4e8cfa184483c9ff1c0cc04fb3511c | Patch, Third Party Advisory |
| https://www.gocd.org/releases/#21-3-0 | Issue Tracking, Release Notes, Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-04-14T11:52:39
Updated: 2022-04-14T11:52:39
Reserved: 2021-11-02T00:00:00
Link: CVE-2021-43287
NVD Information
Status: Analyzed
Published: 2022-04-14T12:15:07.717
Modified: 2022-04-21T20:33:12.833
Link: CVE-2021-43287
Redhat Information
No data.
CWE