CVE-2021-43288

Sažetak

An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker in control of a GoCD Agent can plant malicious JavaScript into a failed Job Report.

Reference

https://www.gocd.org/releases/#21-3-0
https://blog.sonarsource.com/gocd-vulnerability-chain
https://github.com/gocd/gocd/commit/f5c1d2aa9ab302a97898a6e4b16218e64fe8e9e4

CVSS

Base:	3.5
Impact:	2.9
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:S/C:N/I:P/A:N

Zadnje važnije ažuriranje

22-04-2022 - 20:41

Objavljeno

14-04-2022 - 13:15