GoCD - HackerOne Reports
Total Reports: 13
Critical: 0
High: 1
Medium: 3
Low: 2
XSS in http://localhost:8153/go/admin/config/server/update
Reported by: pradeepch99 | Disclosed:
Weakness: Cross-site Scripting (XSS) - Generic
Possible SSRF at URL Parameter while creating a new package repository
Reported by: kiraak-boy | Disclosed:
Weakness: Information Disclosure
X-Content-Type-Options header missing at Auth Login
Reported by: kiraak-boy | Disclosed:
Weakness: Violation of Secure Design Principles
Reflected XSS
Reported by: kiraak-boy | Disclosed:
Weakness: Cross-site Scripting (XSS) - Generic
Open S3 Bucket Accessible by any Aws User
Reported by: x_sh4dow | Disclosed:
Weakness: Improper Access Control - Generic
Imperfect CSRF To Overwrite Server Config at /go/admin/restful/configuration/file/POST/xml
Reported by: 4cad | Disclosed:
Severity: Medium
Weakness: Cross-Site Request Forgery (CSRF)
XSS In https://docs.gocd.org/current/
Reported by: 0nlymohammed | Disclosed:
Severity: Low
Weakness: Cross-site Scripting (XSS) - Generic
Spring security configuration allows agent sessions to be hijacked
Reported by: 4cad | Disclosed:
Severity: High
Weakness: Improper Authentication - Generic
Cross Site Scripting
Reported by: kiraak-boy | Disclosed:
Weakness: Cross-site Scripting (XSS) - Generic
Directory Listening
Reported by: kiraak-boy | Disclosed:
Weakness: Information Disclosure
XSS in new.loading.page.html
Reported by: onlyaviv | Disclosed:
Severity: Low
Weakness: Cross-site Scripting (XSS) - Reflected
Reflected XSS vector
Reported by: creased | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Generic
XSS in GOCD Analytics Plugin
Reported by: onlyaviv | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - DOM