PT-2022-24892 · GoCD · GoCD
Published
2022-10-14
·
Updated
2022-10-19
·
CVE-2022-39310
CVSS v3.1
4.9
Medium
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
GoCD versions prior to 21.1.0
Description
An authenticated GoCD agent can impersonate another agent because of broken access control and incorrect validation of agent tokens in the GoCD server: the token an agent presents is not properly checked against the agent identity it is used for. An agent holding one valid token can therefore request work intended for a different agent, which leads to information disclosure, since work packages may carry sensitive data such as credentials meant only for a given job running in a specific agent environment. Exploitation requires knowing the identifier of the target agent and being able to authenticate to the GoCD server as an existing agent.
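To make the failure mode concrete, the following is an added, deliberately simplified model of the flaw class described above. It is not GoCD's code and does not claim to reproduce GoCD's actual token or registration mechanism; the server secret, agent UUIDs, work packages and the `WorkServer` class are all constructed for the example. The weak check only asks "is this a valid agent token?", so any registered agent can pull work addressed to any agent UUID it can name; the hardened check additionally binds the token to the claimed UUID.

```python
import hashlib
import hmac

# Constructed secret for the example; a real server would load this from protected storage.
SERVER_SECRET = b"constructed-server-secret"


def issue_agent_token(agent_uuid: str) -> str:
    """Issue a token bound to exactly one agent UUID (HMAC over the UUID)."""
    return hmac.new(SERVER_SECRET, agent_uuid.encode(), hashlib.sha256).hexdigest()


class WorkServer:
    """Hypothetical CI server that hands work packages to registered agents."""

    def __init__(self) -> None:
        self.issued_tokens: set[str] = set()   # every token the server has handed out
        self.work: dict[str, dict] = {}         # agent_uuid -> pending work package

    def register(self, agent_uuid: str) -> str:
        token = issue_agent_token(agent_uuid)
        self.issued_tokens.add(token)
        return token

    def assign_work(self, agent_uuid: str, package: dict) -> None:
        self.work[agent_uuid] = package

    def fetch_work_weak(self, claimed_uuid: str, token: str):
        """Vulnerable pattern: the token is checked for validity, but never
        compared against the agent UUID the caller claims to be."""
        if token not in self.issued_tokens:
            raise PermissionError("unknown agent token")
        return self.work.get(claimed_uuid)

    def fetch_work_strict(self, claimed_uuid: str, token: str):
        """Hardened pattern: the token must be one the server issued AND must
        be the token bound to the claimed UUID (constant-time comparison)."""
        if token not in self.issued_tokens:
            raise PermissionError("unknown agent token")
        expected = issue_agent_token(claimed_uuid)
        if not hmac.compare_digest(expected, token):
            raise PermissionError("token does not belong to claimed agent")
        return self.work.get(claimed_uuid)


def impersonation_demo():
    """Return (package leaked via weak check, whether strict check blocked it)."""
    srv = WorkServer()
    token_a = srv.register("agent-a")
    srv.register("agent-b")
    # Constructed work package with a job-scoped secret meant only for agent-b.
    srv.assign_work("agent-b", {"job": "deploy-prod", "secret": "prod-db-password"})

    leaked = srv.fetch_work_weak("agent-b", token_a)  # agent-a reads agent-b's work
    try:
        srv.fetch_work_strict("agent-b", token_a)
        blocked = False
    except PermissionError:
        blocked = True
    return leaked, blocked


def legitimate_fetch_ok() -> bool:
    """The hardened check must still serve an agent its own work."""
    srv = WorkServer()
    token_b = srv.register("agent-b")
    srv.assign_work("agent-b", {"job": "deploy-prod"})
    return srv.fetch_work_strict("agent-b", token_b) == {"job": "deploy-prod"}


if __name__ == "__main__":
    leaked, blocked = impersonation_demo()
    print("weak check leaked:", leaked)
    print("strict check blocked impersonation:", blocked)
    print("strict check serves legitimate agent:", legitimate_fetch_ok())
```

The point to take from the model is where the identity is checked: a token proves that some agent authenticated, and only a check that ties the token to the UUID named in the request proves that this agent is the one the work package was built for. Any design in which the token and the claimed identity are validated independently has the same exposure as described above.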
Recommendations
For GoCD versions prior to 21.1.0, update to version 21.1.0 or later to resolve the issue. Because any agent able to authenticate to an affected server could have retrieved work packages meant for other agents, credentials that were passed to jobs through such packages should be treated as potentially exposed and rotated after upgrading.
Exploit
Fix
Weakness Enumeration
Improper Access Control
Related Identifiers
Affected Products
GoCD