H3-2022-0029¶

Unauthenticated Access to ThoughtWorks GoCD

Description¶

An authentication bypass was found in GoCD that allows the attacker to abuse certain critical endpoints.

Impact¶

An unauthenticated attacker can abuse this misconfiguration to leak sensitive information on the host to completely compromise the host and all data being processed by it.

References¶

• Upgrading GoCD
• Abusing GoCD Authentication Bypass
• CWE-306: Missing Authentication for Critical Function