Loading HuntDB...

Vulnerability Intelligence by wss.sh

Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News

More Sources

HackerOne Reports

Bug bounty disclosures

WordPress Vulnerabilities

WordPress plugins & themes

Tools & Data

Trending Insights

Popular vulnerabilities

Advanced Search

Filter & search CVEs

Product Inventory

Software & vendors

Sign In Sign Up

CVE-2022-29183

MEDIUM

Published 2022-05-20T19:10:11.000Z

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2022-29183. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1

4.3

/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Base Score Metrics

Exploitability: N/A Impact: N/A

EPSS Score

v2025.03.14

0.006

probability

of exploitation in the wild

There is a 0.6% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-06-25

Exploit Probability

Percentile: 0.675

Higher than 67.5% of all CVEs

Attack Vector Metrics

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Impact Metrics

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Description

GoCD is a continuous delivery server. GoCD versions 20.2.0 until 21.4.0 are vulnerable to reflected cross-site scripting via abuse of the pipeline comparison function's error handling to render arbitrary HTML into the returned page. This could allow an attacker to trick a victim into executing code which would allow the attacker to operate on, or gain control over the same resources as the victim had access to. This issue is fixed in GoCD 21.4.0. As a workaround, block access to `/go/compare/.*` prior to GoCD Server via a reverse proxy, web application firewall or equivalent, which would prevent use of the pipeline comparison function.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

gocd

gocd

Affected Versions:

>= 20.2.0, < 21.4.0

References

https://github.com/gocd/gocd/security/advisories/GHSA-3vvq-q4qv-x2gf

https://github.com/gocd/gocd/pull/9829/commits/bda81084c0401234b168437cf35a63390e3064d1

https://github.com/gocd/gocd/releases/tag/21.4.0

https://www.gocd.org/releases/#21-4-0

Published: 2022-05-20T19:10:11.000Z

Last Modified: 2025-04-23T18:24:15.129Z

Copied to clipboard!