CVE-2024-56321

CVSS 3.1 Score 3.8 of 10 (low)

Details

Published Jan 3, 2025
CWE ID 36
CWE ID 20

Summary

CVE-2024-56321 is a vulnerability affecting GoCD versions 18.9.0 to 24.4.0. GoCD is a continuous delivery server, and this issue allows administrators to execute arbitrary scripts on the hosting server or container using the "post-backup script" feature. In most cases, the impact is limited because an admin who can access GoCD's UI usually has host administration permissions. However, in restricted environments where these roles are separated, this may lead to unexpected behavior. GoCD fixed this vulnerability in version 24.5.0 by disabling post-backup scripts in sensitive locations. No workarounds are currently available.
