GoCD Authentication Vulnerability

Original release date: October 29, 2021

GoCD has released a security update to address a critical authentication vulnerability in GoCD versions 20.6.0 through 21.2.0. GoCD is an open-source Continuous Integration and Continuous Delivery system. A remote attacker could exploit this vulnerability to obtain sensitive information.

CISA encourages users and administrators to update to GoCD 21.3.0 or apply the necessary workarounds.

For more information, see Agent 007: Pre-Auth Takeover of Build Pipelines in GoCD.

This product is provided subject to this Notification and this Privacy & Use policy.