Search Results | AttackerKB

Show filters

Clear All

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

2 Total Results

Displaying 1-2 of 2

Attacker Value

Very High

Pre-Auth Takeover of Build Pipelines in GoCD (CVE-2021-43287)

Last updated December 08, 2021

Please see https://blog.sonarsource.com/gocd-pre-auth-pipeline-takeover.

Attacker Value

Unknown

CVE-2021-43287

Disclosure Date: April 14, 2022 (last updated December 06, 2023)

An issue was discovered in ThoughtWorks GoCD before 21.3.0. The business continuity add-on, which is enabled by default, leaks all secrets known to the GoCD server to unauthenticated attackers.