September 21, 2023

GoCD has patched a “Highly Critical” authentication vulnerability in its GoCD CI/CD tool. GoCD is an open-source Continuous Integration and Continuous Delivery system (CI/CD) tool that is used by software developers and organizations for automating software delivery.

Advertisements

“This release has important security fixes and upgrades to lots of internal components. We recommend all users to upgrade to this version to safeguard your GoCD server,”.

Titled as ‘Agent 007: Pre Auth Takeover of Build Pipelines in GoCD.’ This “highly critical” authentication vulnerability could allow an unauthenticated attacker to view highly sensitive data and read arbitrary files on a GoCD server.

An attackers could leak API keys to external services such as Docker Hub and GitHub, steal private source code, get access to production environments, and overwrite files that are being produced as part of the build processes, leading to supply chain attacks,.

Advertisements

The issue affects GoCD versions 20.6.0 through 21.2.0. Users are highly encouraged to upgrade to the latest version of GoCD 21.3.0 as soon as possible

Tags:

Leave a Reply

You may have missed

Atlassian BitBucket and Confluence Vulnerabilities

September 21, 2023

Snatch ransomware Dissection

September 21, 2023

Fortinet Fixes Vulnerabilities in FortiOS

September 20, 2023

Trend Micro Endpoint Vulnerability – CVE-2023-41179

September 20, 2023

GitLab Addresses Critical Vulnerability -CVE-2023-4998

September 20, 2023

Crowdstrike New Offerings and Bionic.ai Acquisition

September 20, 2023
%d bloggers like this: