Impact
GoCD versions before 21.3.0 are vulnerable to path traversal during artifact uploads from an agent to the GoCD Server. The flaw allows files to be uploaded to an arbitrary directory of the attacker's choice, using a server-determined filename. To exploit it, the attacker would first need to have compromised an agent, gaining access to the credentials the agent uses to authenticate with the server.
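The containment check that defends against this class of bug, as an added example: it is not GoCD's code and not the 21.3.0 patch. The class name, method name and sample directory strings are hypothetical, and it assumes the agent supplies only a relative directory while the server picks the filename, as the advisory describes.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;

// Added example, not GoCD code: all names and sample inputs are hypothetical.
public class ArtifactPathCheck {

    /**
     * Resolve an agent-supplied directory under the artifact root and reject
     * anything that ends up outside it. Only the directory is untrusted here;
     * the filename is assumed to be chosen by the server.
     */
    static Path resolveUploadDir(Path artifactRoot, String requestedDir) throws IOException {
        if (requestedDir.indexOf('\0') >= 0) {
            throw new SecurityException("NUL byte in upload directory");
        }
        Path root = artifactRoot.toRealPath();                    // canonical root, symlinks resolved
        Path candidate = root.resolve(requestedDir).normalize();  // collapses "." and ".."
        // resolve() returns an absolute argument unchanged, so this also rejects
        // absolute input. startsWith compares path elements, not string prefixes.
        if (!candidate.startsWith(root)) {
            throw new SecurityException("upload directory escapes artifact root");
        }
        // Lexical checks do not see symlinks: canonicalise the deepest component
        // that already exists and confirm it is still under the root.
        Path existing = candidate;
        while (!Files.exists(existing, LinkOption.NOFOLLOW_LINKS)) {
            existing = existing.getParent();                      // stops at root, which exists
        }
        if (!existing.toRealPath().startsWith(root)) {
            throw new SecurityException("upload directory resolves outside artifact root");
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        Path root = Files.createTempDirectory("artifacts");      // stand-in artifact root
        // Constructed sample inputs: one legitimate directory, three that must be rejected.
        String[] samples = {"pipelines/build/1/logs", "../../etc", "/tmp/elsewhere", "a/../../b"};
        for (String dir : samples) {
            try {
                System.out.println("accept  " + resolveUploadDir(root, dir));
            } catch (SecurityException e) {
                System.out.println("reject  " + dir + "  (" + e.getMessage() + ")");
            }
        }
    }
}
```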
Patches
Fixed in GoCD 21.3.0.
Workarounds
None known.
References
For more information
If you have any questions or comments about this advisory: