Infoatb

**Name of the Vulnerable Software and Affected Versions** GoCD versions 20.5.0 through 23.1.0 **Description** The issue arises when the server environment is not correctly configured to provide access to the relevant PostgreSQL or MySQL backup tools, potentially leaking database access credentials to admin alerts on the GoCD user interface. This occurs if the GoCD server host is misconfigured to have backups enabled but lacks access to the `pg dump` or `mysqldump` utility tools for the configured database type. The vulnerability does not affect backups of the default on-disk H2 database. **Recommendations** For GoCD versions 20.5.0 through 23.1.0, upgrade to GoCD 23.1.0 to resolve the issue. For users unable to upgrade, consider disabling backups as a temporary workaround. Alternatively, ensure that the required `pg dump` (PostgreSQL) or `mysqldump` (MySQL) binaries are available on the GoCD server when backups are triggered.