CVE-2021-43286

Name of the Vulnerable Software and Affected Versions ThoughtWorks GoCD versions prior to 21.3.0

Description An issue was discovered in ThoughtWorks GoCD where an attacker with privileges to create a new pipeline on a GoCD server can abuse a command-line injection in the Git URL "Test Connection" feature to execute arbitrary code.

Recommendations For versions prior to 21.3.0, update to version 21.3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the "Test Connection" feature in the Git URL to minimize the risk of exploitation.