March 28, 2023

GoCD has patched a “Highly Critical” authentication vulnerability in its GoCD CI/CD tool. GoCD is an open-source Continuous Integration and Continuous Delivery system (CI/CD) tool that is used by software developers and organizations for automating software delivery.

Advertisements

“This release has important security fixes and upgrades to lots of internal components. We recommend all users to upgrade to this version to safeguard your GoCD server,”.

Titled as ‘Agent 007: Pre Auth Takeover of Build Pipelines in GoCD.’ This “highly critical” authentication vulnerability could allow an unauthenticated attacker to view highly sensitive data and read arbitrary files on a GoCD server.

An attackers could leak API keys to external services such as Docker Hub and GitHub, steal private source code, get access to production environments, and overwrite files that are being produced as part of the build processes, leading to supply chain attacks,.

Advertisements

The issue affects GoCD versions 20.6.0 through 21.2.0. Users are highly encouraged to upgrade to the latest version of GoCD 21.3.0 as soon as possible

Tags:

Leave a Reply

You may have missed

Apache Fineract Vulnerabilities

Apache Fineract Vulnerabilities

March 28, 2023
IceID Malware Shifting Focus to Ransomwares

IceID Malware Shifting Focus to Ransomwares

March 28, 2023
Sun Pharma suffers a Security Incident

Sun Pharma suffers a Security Incident

March 28, 2023
Twitter Source Code Leak on Git

Twitter Source Code Leak on Git

March 27, 2023
Okta Credentials Exposed via Post Exploitation Attack

Okta Credentials Exposed via Post Exploitation Attack

March 27, 2023
Dark Power Ransomware Dissection

Dark Power Ransomware Dissection

March 26, 2023
%d bloggers like this: