Skip to content

Explore
By company size
By use case
By industry
View all solutions
Topics
- AI
- DevOps
- Security
- Software Development
- View all
Explore
- GitHub Sponsors
  Fund open source developers
- The ReadME Project
  GitHub community articles
Repositories
- Enterprise platform
  AI-powered developer platform
Available add-ons
Pricing

Search code, repositories, users, issues, pull requests...

Search

Clear

Search syntax tips

Provide feedback

We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

Saved searches

Use saved searches to filter your results more quickly

Name

Query

To see all available qualifiers, see our documentation.

Sign in

Sign up

You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session.

Dismiss alert

gocd / gocd Public

Notifications You must be signed in to change notification settings
Fork 972
Star 7.2k

Code
Issues 61
Pull requests 21
Discussions
Actions
Projects
Wiki
Security
Insights

Additional navigation options

Code
Issues
Pull requests
Discussions
Actions
Projects
Wiki
Security
Insights

Security: gocd/gocd

Security Navigation

Overview
Reporting
- Policy
- Advisories

Security Advisories

View information about security vulnerabilities from this repository's maintainers.

GoCD before 24.5.0 is vulnerable to XXE injection via abuse of pipeline XML "snippet" editing by group admins
GHSA-3w9f-fgr5-5g78 published Jan 3, 2025 by chadlwilson

Low
GoCD before 24.5.0 is vulnerable to XXE injection via abuse of unused XML configuration repository functionality
GHSA-8xwx-hf68-8xq7 published Jan 3, 2025 by chadlwilson

Low
GoCD before 24.5.0 can allow malicious GoCD admins to abuse backup configuration to gain additional host access
GHSA-7jr3-gh3w-vjxq published Jan 3, 2025 by chadlwilson

Low
GoCD before 24.5.0 is vulnerable to admin privilege escalation by a malicious internal & authenticated user
GHSA-346h-q594-rj8j published Jan 3, 2025 by chadlwilson

Critical
GoCD before 24.1.0 has reflected XSS possible while server is restarting
GHSA-q882-q6mm-mgvh published May 12, 2024 by chadlwilson

Low
GoCD before 23.1.0 has sensitive information disclosure possible on misconfigured failed backups of non-H2 databases
GHSA-p95w-gh78-qjmv published Mar 27, 2023 by chadlwilson

Moderate
GoCD before 23.1.0 has stored XSS possible on VSM and Job Details pages via malicious pipeline label configuration
GHSA-3vvg-gjfr-q9vm published Mar 27, 2023 by chadlwilson

Moderate
GoCD before 19.11.0 has API authentication of user access tokens subject to timing attack during comparison
GHSA-999p-fp84-jcpq published Oct 14, 2022 by chadlwilson

Moderate
GoCD before 21.1.0 has server secret encryption/decryption key accidentally leaked to agents during material serialization
GHSA-f9qg-xcxq-cgv9 published Oct 14, 2022 by chadlwilson

Moderate
GoCD before 21.1.0 has malicious agent able to impersonate another agent due to improper access control
GHSA-4fp5-33jh-hgcq published Oct 14, 2022 by chadlwilson

Moderate

Previous 1 2 3 Next

Footer

Footer navigation

Terms
Privacy
Security
Status
Docs
Contact

You can’t perform that action at this time.