PT-2025-1150 · Gocd · Gocd

Baiyecha404 · Published 2025-01-03 · Updated 2025-08-01 · CVE-2024-56322

CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: GoCD versions 16.7.0 through 24.4.0

Description: The issue is an XML External Entity (XXE) injection vulnerability in the GoCD server that can be exploited by a remote attacker. It stems from improper restriction of XML references to external entities: the server's XML parser follows links from the document to external objects. The impact is limited, since only GoCD admins are able to abuse it; a malicious GoCD admin, however, can cause significant damage.

Recommendations: For GoCD versions 16.7.0 through 24.4.0, update to version 24.5.0 to resolve the issue. As a temporary workaround, consider preventing external access from the GoCD server to arbitrary locations using environment egress control.

Exploit · Fix · XXE

Weakness Enumeration

Related Identifiers

BDU:2025-00430
CVE-2024-56322
GHSA-8XWX-HF68-8XQ7

Affected Products

Gocd