thoughtworks CVE Vulnerabilities & CVE List (24)

Products (CPE): — CVEs: 24

thoughtworks vulnerability overview

Aggregates CVE and security vulnerability intelligence across all thoughtworks-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.

Common weakness patterns across the listed CVEs include XML external entity (XXE) injection, cross-site request forgery (CSRF), server-side request forgery (SSRF), and insufficient input validation, with file overwrite among the potential impacts in software deployment use cases.

Vulnerability distribution trend (last 24 months)

Showing 21-24 of 24 CVEs (page 2 of 2)
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2021-43287 | An issue was discovered in ThoughtWorks GoCD before 21.3.0. The business continuity add-on, which is enabled by default, leaks all secrets known to the GoCD server to unauthenticated attackers. | [email protected] | 7.5 | 28.04% | 2022-04-14 | 2026-06-17 |
| CVE-2022-24832 | GoCD is an open source continuous delivery server. The bundled gocd-ldap-authentication-plugin included with the GoCD Server fails to correctly escape special characters when using the username to construct LDAP queries. While this does not directly allow arbitrary LDAP data exfiltration, it can allow an existing LDAP-authenticated GoCD user with malicious intent to construct and execute malicious queries, allowing them to deduce facts about other users or entries within the LDAP database (e.g | [email protected] | 8.2 | 1.60% | 2022-04-11 | 2026-06-17 |
| CVE-2021-44659 | Adding a new pipeline in GoCD server version 21.3.0 has a functionality that could be abused to do an unintended action in order to achieve a Server Side Request Forgery (SSRF). NOTE: the vendor's position is that the observed behavior is not a vulnerability, because the product's design allows an admin to configure outbound requests | [email protected] | 9.8 | 2.52% | 2021-12-22 | 2026-06-17 |
| CVE-2021-25924 | In GoCD, versions 19.6.0 to 21.1.0 are vulnerable to Cross-Site Request Forgery due to missing CSRF protection at the `/go/api/config/backup` endpoint. An attacker can trick a victim into clicking a malicious link which could change backup configurations or execute system commands in the post_backup_script field. | [email protected] | 8.8 | 0.75% | 2021-04-01 | 2026-06-16 |
cvelogic Threat Intelligence