
gocd — Vulnerabilities & Security Advisories 16

Browse all 16 CVE security advisories affecting gocd. AI-powered Chinese analysis, POCs, and references for each vulnerability.

GoCD is an open-source continuous delivery platform used for automating software builds, tests, and deployments. Historically, it has been vulnerable to multiple security issues including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. The platform's web interface and API have been common attack vectors, with several CVEs allowing unauthorized access or code execution. While no major public security incidents have been widely documented, the 16 recorded CVEs highlight consistent security challenges, particularly in authentication and input validation. Organizations using GoCD should maintain current patch levels and implement proper network segmentation to mitigate risks associated with these historically recurring vulnerability patterns.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-56324 | GoCD vulnerable to XXE injection via abuse of pipeline XML "snippet" editing by group admins | gocd | CWE-611 | 6.5 | - | 2025-01-03 |
| CVE-2024-56322 | GoCD vulnerable to XXE injection via abuse of unused XML configuration repository functionality | gocd | CWE-611 | 6.7 | - | 2025-01-03 |
| CVE-2024-56321 | GoCD can allow malicious GoCD admins to abuse backup configuration to gain additional host access | gocd | CWE-20 | 3.8 | Low | 2025-01-03 |
| CVE-2024-56320 | GoCD vulnerable to admin privilege escalation by a malicious internal/existing authenticated user | gocd | CWE-285 | 8.8 | - | 2025-01-03 |
| CVE-2024-28866 | GoCD vulnerable to reflected Cross-site Scripting possible on server loading page during start-up | gocd | CWE-79 | 3.1 | Low | 2024-05-13 |
| CVE-2023-28629 | Stored XSS possible on VSM and Job Details pages via malicious pipeline label configuration in gocd | gocd | CWE-79 | 5.4 | Medium | 2023-03-27 |
| CVE-2023-28630 | Sensitive information disclosure possible on misconfigured failed backups of non-H2 databases in gocd | gocd | CWE-532 | 4.2 | Medium | 2023-03-27 |
| CVE-2022-39308 | GoCD API authentication of user access tokens subject to timing attack during comparison | gocd | CWE-208 | 6.5 | Medium | 2022-10-14 |
| CVE-2022-39309 | GoCD server secret encryption/decryption key leaked to agents during material serialization | gocd | CWE-200 | 4.9 | Medium | 2022-10-14 |
| CVE-2022-39310 | Malicious agent may be able to impersonate another agent in GoCD | gocd | CWE-284 | 4.9 | Medium | 2022-10-14 |
| CVE-2022-39311 | Compromised agents may be able to execute remote code on GoCD Server | gocd | CWE-502 | 9.1 | Critical | 2022-10-14 |
| CVE-2022-36088 | GoCD Windows installations outside default location inadequately restrict installation file permissions | gocd | CWE-284 | 5.0 | Medium | 2022-09-07 |
| CVE-2022-29184 | Command Injection/Argument Injection in GoCD | gocd | CWE-77 | 8.8 | High | 2022-05-20 |
| CVE-2022-29183 | Reflected XSS in GoCD | gocd | CWE-79 | 4.3 | Medium | 2022-05-20 |
| CVE-2022-29182 | DOM-based XSS in GoCD | gocd | CWE-79 | 4.3 | Medium | 2022-05-20 |
| CVE-2022-24832 | Bundled ldap-authentication-plugin fails to neutralise LDAP special elements in usernames | gocd | CWE-74 | 8.2 | High | 2022-04-11 |

This page lists every published CVE security advisory associated with gocd. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.