
thoughtworks gocd

23 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2024-56324
< 24.5.0
GoCD is a continuous delivery server. GoCD versions prior to 24.4.0 can allow GoCD "group admins" to abuse the ability to edit the raw
7.1 HIGH

CVE-2024-56322
>= 16.7.0 and < 24.5.0
GoCD is a continuous delivery server. GoCD versions 16.7.0 through 24.4.0 (inclusive) can allow GoCD admins to abuse a hidden/unuse
7.2 HIGH

CVE-2024-56321
>= 18.9.0 and < 24.5.0
GoCD is a continuous delivery server. GoCD versions 18.9.0 through 24.4.0 (inclusive) can allow GoCD admins to abuse the backup con
3.8 LOW

CVE-2024-56320
< 24.5.0
GoCD is a continuous delivery server. GoCD versions prior to 24.5.0 are vulnerable to admin privilege escalation due to improper au
8.8 HIGH

CVE-2024-28866
>= 19.4.0 and < 24.1.0
GoCD is a continuous delivery server. GoCD versions from 19.4.0 to 23.5.0 (inclusive) are potentially vulnerable to a reflected cr
3.1 LOW

CVE-2023-28630
>= 20.5.0 and < 23.1.0
GoCD is an open source continuous delivery server. In GoCD versions from 20.5.0 and below 23.1.0, if the server environment is not
4.2 MEDIUM

CVE-2023-28629
< 23.1.0
GoCD is an open source continuous delivery server. GoCD versions before 23.1.0 are vulnerable to a stored XSS vulnerability, where
5.4 MEDIUM

CVE-2022-39311
< 21.1.0
GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery
9.1 CRITICAL

CVE-2022-39310
< 21.1.0
GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery
4.9 MEDIUM

CVE-2022-39309
< 21.1.0
GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery
4.9 MEDIUM

CVE-2022-39308
>= 19.2.0 and < 19.11.0
GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery
6.5 MEDIUM

CVE-2022-36088
< 22.2.0
GoCD is a continuous delivery server. Windows installations via either the server or agent installers for GoCD prior to 22.2.0 do
5.0 MEDIUM

CVE-2022-29184
< 22.1.0
GoCD is a continuous delivery server. In GoCD versions prior to 22.1.0, it is possible for existing authenticated users who have p
8.8 HIGH

CVE-2022-29183
>= 20.2.0 and < 21.4.0
GoCD is a continuous delivery server. GoCD versions 20.2.0 until 21.4.0 are vulnerable to reflected cross-site scripting via abuse
4.3 MEDIUM

CVE-2022-29182
>= 19.11.0 and <= 21.4.0
GoCD is a continuous delivery server. GoCD versions 19.11.0 through 21.4.0 (inclusive) are vulnerable to a Document Object Model (
4.3 MEDIUM

CVE-2021-43290
< 21.3.0
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious fi
9.8 CRITICAL

CVE-2021-43289
< 21.3.0
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious fi
7.5 HIGH

CVE-2021-43288
< 21.3.0
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker in control of a GoCD Agent can plant malicious JavaScript
5.4 MEDIUM

CVE-2021-43286
< 21.3.0
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker with privileges to create a new pipeline on a GoCD server
8.8 HIGH

CVE-2021-43287
< 21.3.0
An issue was discovered in ThoughtWorks GoCD before 21.3.0. The business continuity add-on, which is enabled by default, leaks all
7.5 HIGH

CVE-2022-24832
>= 17.5.0 and < 22.1.0
GoCD is an open source continuous delivery server. The bundled gocd-ldap-authentication-plugin included with the GoCD Server fai
8.2 HIGH

CVE-2021-44659
all versions
Adding a new pipeline in GoCD server version 21.3.0 has a functionality that could be abused to do an unintended action in order
9.8 CRITICAL

CVE-2021-25924
>= 19.6.0 and < 21.2.0
In GoCD, versions 19.6.0 to 21.1.0 are vulnerable to Cross-Site Request Forgery due to missing CSRF protection at the `/go/api/con
8.8 HIGH
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin