Описание
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into an arbitrary directory of a GoCD server, but does not control the filename.
Ссылки
- ExploitPatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- Issue TrackingRelease NotesVendor Advisory
- ExploitPatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- Issue TrackingRelease NotesVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 21.3.0 (исключая)
cpe:2.3:a:thoughtworks:gocd:*:*:*:*:*:*:*:*
EPSS
Процентиль: 81%
0.01559
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 7.5
github
почти 4 года назад
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into an arbitrary directory of a GoCD server, but does not control the filename.
EPSS
Процентиль: 81%
0.01559
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-22