CVE-2021-43289

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 14-04-2022 03:15

Last modified: - 26-04-2022 07:01

Total changes: - 2

Description

An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into an arbitrary directory of a GoCD server, but does not control the filename.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Low

Attack complexity

Network

Attack vector

None

Availability

None

Confidentiality

High

Integrity

None

Privileges required

Unchanged

Scope

None

User interaction

7.5

Base score

3.9

3.6

Exploitability score

Impact score

Verification logic

vendor=thoughtworks AND product=gocd AND versionEndExcluding=21.3.0

Reference

https://www.gocd.org/releases/#21-3-0
https://blog.sonarsource.com/gocd-vulnerability-chain
https://github.com/gocd/gocd/commit/4c4bb4780eb0d3fc4cacfc4cfcc0b07e2eaf0595
https://github.com/gocd/gocd/commit/c22e0428164af25d3e91baabd3f538a41cadc82f

Keywords

CVE-2021-43289

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2021-43289

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures