PT-2022-19435 · Gocd · Gocd
Published
2022-05-20
·
Updated
2022-06-06
·
CVE-2022-29182
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
GoCD versions 19.11.0 through 21.4.0
Description
GoCD is a continuous delivery server. Versions 19.11.0 through 21.4.0 are vulnerable to Document Object Model (DOM)-based cross-site scripting (XSS) via a pipeline run's Stage Details > Graphs tab. The parent page and the stage details graph's iframe exchange data over a messaging channel, and an attacker who can send crafted messages over that channel can have them rendered into the page, executing JavaScript in the victim's browser context and stealing that GoCD user's session cookies or acting on their behalf. The CVSS vector rates the issue as network-reachable, requiring only low privileges and no user interaction, with an integrity impact only.
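As an added illustration of this bug class (example code written for this page, not GoCD's own code or its actual fix), the block below models a parent page that receives graph data from an iframe, first in the vulnerable shape and then hardened. It assumes the messaging channel is window.postMessage; the origins, message shapes and function names are hypothetical, and the browser DOM is replaced by a small stand-in so the file runs under Node.

```javascript
// Added example, not GoCD code: models the DOM XSS pattern behind CVE-2022-29182.
// Assumptions: the parent/iframe channel is window.postMessage; all names below
// are hypothetical; the DOM and window objects are tiny stand-ins for Node.

const GOCD_ORIGIN = "https://gocd.example.com"; // assumption: the server's origin
const ATTACKER_ORIGIN = "https://evil.example"; // constructed attacker origin

function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  })[c]);
}

// Stand-in for a DOM element: innerHTML is parsed as markup, textContent is not.
class FakeElement {
  constructor() { this.html = ""; }
  set innerHTML(markup) { this.html = String(markup); }
  get innerHTML() { return this.html; }
  set textContent(text) { this.html = escapeHtml(String(text)); }
}

// Stand-in for a browsing context. Like the real API, a message is delivered
// only when the sender's targetOrigin is "*" or equals the receiver's origin.
// The extra fromWindow argument stands in for the calling script's window.
class FakeWindow {
  constructor(origin) { this.origin = origin; this.listeners = []; }
  addEventListener(type, fn) { if (type === "message") this.listeners.push(fn); }
  postMessage(data, targetOrigin, fromWindow) {
    if (targetOrigin !== "*" && targetOrigin !== this.origin) return false;
    const event = { data, origin: fromWindow.origin, source: fromWindow };
    this.listeners.forEach((fn) => fn(event));
    return true;
  }
}

// Vulnerable pattern: any origin may send, and the payload is written as HTML.
function vulnerableGraphListener(target) {
  return (event) => {
    const msg = JSON.parse(event.data);
    if (msg.type === "graph-title") target.innerHTML = "<h3>" + msg.title + "</h3>";
  };
}

// Hardened pattern: verify event.origin, validate the message shape, and never
// let message content be parsed as markup.
function hardenedGraphListener(target, trustedOrigin) {
  return (event) => {
    if (event.origin !== trustedOrigin) return false;
    let msg;
    try { msg = JSON.parse(event.data); } catch { return false; }
    if (!msg || msg.type !== "graph-title" || typeof msg.title !== "string") return false;
    target.textContent = msg.title;
    return true;
  };
}

// Simulates the Graphs tab (parent page) receiving one message from a window at
// senderOrigin and returns the resulting markup of the target element.
function simulate(listenerFactory, senderOrigin, payload, targetOrigin = "*") {
  const parent = new FakeWindow(GOCD_ORIGIN);
  const target = new FakeElement();
  parent.addEventListener("message", listenerFactory(target));
  const sender = new FakeWindow(senderOrigin);
  parent.postMessage(JSON.stringify(payload), targetOrigin, sender);
  return target.innerHTML;
}

// Constructed payload: an element whose error handler runs in the victim's context.
const XSS_PAYLOAD = { type: "graph-title", title: '<img src=x onerror="alert(document.cookie)">' };

function demo() {
  const hardened = (t) => hardenedGraphListener(t, GOCD_ORIGIN);
  return {
    vulnerable: simulate(vulnerableGraphListener, ATTACKER_ORIGIN, XSS_PAYLOAD),
    hardened: simulate(hardened, ATTACKER_ORIGIN, XSS_PAYLOAD),
    hardenedLegit: simulate(hardened, GOCD_ORIGIN, { type: "graph-title", title: "Build <stage 1>" }),
  };
}

// Sending side: naming the expected target origin (instead of "*") keeps the
// message from reaching a frame that has been navigated to another site.
function senderCheck() {
  const navigatedFrame = new FakeWindow(ATTACKER_ORIGIN);
  return navigatedFrame.postMessage("{}", GOCD_ORIGIN, new FakeWindow(GOCD_ORIGIN));
}

console.log(demo(), "delivered to navigated frame:", senderCheck());
```

The receiving side needs both checks: an origin comparison alone still leaves a same-origin injection path if the content is written with innerHTML, and escaping alone still lets any site drive the handler. On the sending side, passing the expected origin rather than "*" prevents the parent from leaking graph data to an iframe that has been navigated elsewhere.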
Recommendations
For GoCD versions 19.11.0 through 21.4.0, update to GoCD 22.1.0 or later, which resolves the issue.
No workarounds are currently known for this issue.
Exploit
Fix
XSS
Affected Products
Gocd