GoCD has released a security update to address a critical authentication vulnerability in GoCD versions 20.6.0 through 21.2.0. GoCD is an open-source Continuous Integration and Continuous Delivery system. A remote attacker could exploit this vulnerability to obtain sensitive information.
CISA encourages users and administrators to update to GoCD 21.3.0 or apply the necessary workarounds.
For more information, see Agent 007: Pre-Auth Takeover of Build Pipelines in GoCD.