Description
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker with privileges to create a new pipeline on a GoCD server can abuse a command-line injection in the Git URL "Test Connection" feature to execute arbitrary code.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2021-30230 | An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker with privileges to create a new pipeline on a GoCD server can abuse a command-line injection in the Git URL "Test Connection" feature to execute arbitrary code. |
References
History
No history.
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-04T03:55:28.476Z
Reserved: 2021-11-02T00:00:00.000Z
Link: CVE-2021-43286
No data.
Status : Modified
Published: 2022-04-14T13:15:11.417
Modified: 2026-06-17T04:10:47.487
Link: CVE-2021-43286
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
EUVD