thoughtworks

Top products

The 15 most recently published vulnerabilities affecting thoughtworks.

• CVE-2024-56324GoCD vulnerable to XXE injection via abuse of pipeline XML "snippet" editing by group admins7.1Jan 3, 2025
• CVE-2024-56322GoCD vulnerable to XXE injection via abuse of unused XML configuration repository functionality7.2Jan 3, 2025
• CVE-2024-56321GoCD can allow malicious GoCD admins to abuse backup configuration to gain additional host access3.8Jan 3, 2025
• CVE-2024-56320GoCD vulnerable to admin privilege escalation by a malicious internal/existing authenticated user8.8Jan 3, 2025
• CVE-2024-28866GoCD vulnerable to reflected Cross-site Scripting possible on server loading page during start-up3.1May 13, 2024
• CVE-2021-29057An issue was discovered in StaticPool in SUCHMOKUO node-worker-threads-pool version 1.4.3, allows attackers to cause a denial of service.6.5Aug 11, 2023
• CVE-2023-28629Stored XSS possible on VSM and Job Details pages via malicious pipeline label configuration in gocd5.4Mar 27, 2023
• CVE-2023-28630Sensitive information disclosure possible on misconfigured failed backups of non-H2 databases in gocd4.2Mar 27, 2023
• CVE-2022-39311Compromised agents may be able to execute remote code on GoCD Server9.1Oct 14, 2022
• CVE-2022-39310Malicious agent may be able to impersonate another agent in GoCD4.9Oct 14, 2022
• CVE-2022-39309GoCD server secret encryption/decryption key leaked to agents during material serialization4.9Oct 14, 2022
• CVE-2022-39308GoCD API authentication of user access tokens subject to timing attack during comparison6.5Oct 14, 2022
• CVE-2022-36088GoCD Windows installations outside default location inadequately restrict installation file permissions5.0Sep 7, 2022
• CVE-2022-29184Command Injection/Argument Injection in GoCD8.8May 20, 2022
• CVE-2022-29183Reflected XSS in GoCD4.3May 20, 2022