CVE-2021-43288

Опубликовано: 14 апр. 2022

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker in control of a GoCD Agent can plant malicious JavaScript into a failed Job Report.

Ссылки

https://blog.sonarsource.com/gocd-vulnerability-chain
Exploit
Patch
Third Party Advisory
https://github.com/gocd/gocd/commit/f5c1d2aa9ab302a97898a6e4b16218e64fe8e9e4
Patch
Third Party Advisory
https://www.gocd.org/releases/#21-3-0
Issue Tracking
Release Notes
Vendor Advisory
https://blog.sonarsource.com/gocd-vulnerability-chain
Exploit
Patch
Third Party Advisory
https://github.com/gocd/gocd/commit/f5c1d2aa9ab302a97898a6e4b16218e64fe8e9e4
Patch
Third Party Advisory
https://www.gocd.org/releases/#21-3-0
Issue Tracking
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:thoughtworks:gocd:*:*:*:*:*:*:*:*

Версия до 21.3.0 (исключая)

EPSS

Процентиль: 79%

0.01229

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-m647-73w5-9fcf