CVE-2021-44659

Name of the Vulnerable Software and Affected Versions: GoCD server version 21.3.0

Description: The issue concerns a functionality in the GoCD server that could be exploited to achieve a Server Side Request Forgery (SSRF). This is possible when adding a new pipeline. The vendor's position is that the observed behavior is not a vulnerability, as the product's design allows an admin to configure outbound requests.

Recommendations: For GoCD server version 21.3.0, consider restricting the configuration of outbound requests to minimize the risk of exploitation. As a temporary workaround, review and limit the use of the pipeline functionality until further guidance is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.