漏洞描述
GoCD Build Pipelines存在目录遍历漏洞,此漏洞是缺乏校验导致的。
GoCD Build Pipelines CVE-2021-43287目录遍历漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2022-29455-headless: WordPress Elementor Website Builder <= 3.5.5 - DOM Cross-Site Scripting
- POC CVE-2018-18570: Planon <Live Build 41 - Cross-Site Scripting
- POC CVE-2018-7841: Schneider Electric U.motion Builder - Remote Code Execution
- POC CVE-2019-7275: Optergy Proton/Enterprise Building Management System - Open Redirect
- POC CVE-2021-24358: Plus Addons for Elementor Page Builder < 4.1.10 - Open Redirect
- POC CVE-2021-24891: WordPress Elementor Website Builder <3.1.4 - Cross-Site Scripting
- POC CVE-2021-25067: Landing Page Builder < 1.4.9.6 - Cross-Site Scripting
- POC CVE-2021-41291: ECOA Building Automation System - Directory Traversal Content Disclosure
- POC CVE-2021-41293: ECOA Building Automation System - Arbitrary File Retrieval
- POC CVE-2021-43287: Pre-Auth Takeover of Build Pipelines in GoCD
- POC CVE-2022-0140: WordPress Visual Form Builder <3.0.8 - Information Disclosure
- POC CVE-2022-0165: WordPress Page Builder KingComposer <=2.9.6 - Open Redirect
- POC CVE-2022-0228: Popup Builder < 4.0.7 - SQL Injection