Description

Due to a vulnerability in Business Continuity add-on of GoCD, an attacker can access sensitive information and takeover of the server..

Remediation

Upgrade to the latest version of GoCD

References

Pre-Auth Takeover of Build Pipelines in GoCD

Related Vulnerabilities

Web application default/weak credentials

Unrestricted access to Caddy API interface

WordPress Plugin BackupBuddy Information Disclosure (2.2.28)

WordPress Plugin Gutenberg Template Library & Redux Framework Multiple Vulnerabilities (4.2.11)

WordPress Plugin WordPress File Upload Multiple Vulnerabilities (2.7.6)

Severity

High

Classification

CVE-2021-43287 CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Configuration