Описание
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into a directory of a GoCD server. They can control the filename but the directory is placed inside of a directory that they can't control.
Ссылки
- ExploitPatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- Issue TrackingRelease NotesVendor Advisory
- ExploitPatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- Issue TrackingRelease NotesVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 21.3.0 (исключая)
cpe:2.3:a:thoughtworks:gocd:*:*:*:*:*:*:*:*
EPSS
Процентиль: 88%
0.04226
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 9.8
github
почти 4 года назад
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into a directory of a GoCD server. They can control the filename but the directory is placed inside of a directory that they can't control.
EPSS
Процентиль: 88%
0.04226
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-22