Chadlwilson

**Name of the Vulnerable Software and Affected Versions** GoCD versions 20.2.0 through 21.4.0 **Description** GoCD is a continuous delivery server. The issue concerns reflected cross-site scripting via abuse of the pipeline comparison function's error handling to render arbitrary HTML into the returned page. This could allow an attacker to trick a victim into executing code, which would allow the attacker to operate on, or gain control over the same resources as the victim had access to. **Recommendations** For GoCD versions 20.2.0 through 21.4.0, update to GoCD 21.4.0 to resolve the issue. As a temporary workaround, consider blocking access to "/go/compare/.*" prior to the GoCD Server via a reverse proxy, web application firewall, or equivalent, to prevent use of the pipeline comparison function.

**Name of the Vulnerable Software and Affected Versions** GoCD versions prior to 22.1.0 **Description** The issue affects the gocd-ldap-authentication-plugin bundled with the GoCD Server, which fails to correctly escape special characters when using the `username` to construct LDAP queries. This allows an existing LDAP-authenticated GoCD user with malicious intent to construct and execute malicious queries, enabling them to deduce facts about other users or entries within the LDAP database through brute force mechanisms. The issue only affects users with a working LDAP authorization configuration enabled on their GoCD server and is exploitable by users authenticating using such an LDAP configuration. **Recommendations** For versions prior to 22.1.0, update to GoCD 22.1.0, which is bundled with gocd-ldap-authentication-plugin v2.2.0-144, to resolve the issue. As a temporary workaround, consider restricting access to the LDAP authentication configuration to minimize the risk of exploitation.