CVE-2021-43287

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-43287

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-43287.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-43287

Published

2022-04-14T12:15:07.717Z

Modified

2025-11-20T11:56:17.191630Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

An issue was discovered in ThoughtWorks GoCD before 21.3.0. The business continuity add-on, which is enabled by default, leaks all secrets known to the GoCD server to unauthenticated attackers.

References

Affected packages

Git / github.com/gocd/gocd

Affected ranges

Type: GIT
Repo: https://github.com/gocd/gocd
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

41abc210ac4e8cfa184483c9ff1c0cc04fb3511c

Affected versions

14.*

14.2.0

14.3.0

14.4.0

15.*

15.1.0

15.2.0

15.3.0

15.3.1

16.*

16.1.0

16.10.0

16.11.0

16.12.0

16.2.0

16.3.0

16.4.0

16.5.0

16.6.0

16.7.0

16.8.0

16.9.0

17.*

17.1.0

17.10.0

17.11.0

17.12.0

17.2.0

17.3.0

17.4.0

17.5.0

17.6.0

17.7.0

17.8.0

17.9.0

18.*

18.1.0

18.10.0

18.11.0

18.12.0

18.2.0

18.3.0

18.4.0

18.5.0

18.6.0

18.7.0

18.8.0

18.9.0

19.*

19.1.0

19.10.0

19.11.0

19.12.0

19.2.0

19.3.0

19.4.0

19.5.0

19.6.0

19.7.0

19.8.0

19.9.0

20.*

20.1.0

20.10.0

20.2.0

20.3.0

20.4.0

20.5.0

20.6.0

20.7.0

20.8.0

20.9.0

21.*

21.1.0

21.2.0

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "source": "https://github.com/gocd/gocd/commit/41abc210ac4e8cfa184483c9ff1c0cc04fb3511c",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "162211121821750773473144286713610008554",
                "69291429028746565225783084249821371262",
                "281471459758238047650573224173810454845",
                "223629736935696393218652085313454113683",
                "300320787969519129163131813488521038145",
                "184721705537119770187599095455167292773",
                "256013375759424369261868025196750318300",
                "53669328418647435659538602581457945324",
                "203781855448791209955411873420413770768"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "id": "CVE-2021-43287-bd2a1f11",
        "target": {
            "file": "server/src/main/java/com/thoughtworks/go/addon/businesscontinuity/standby/controller/DashBoardController.java"
        }
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/gocd/gocd/commit/41abc210ac4e8cfa184483c9ff1c0cc04fb3511c",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "18064623769372598632024066551605813789",
                "324731096186434849409755653426108024523",
                "47045895498496245405711633620660227826",
                "273911606524041354210993159174584419990"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "id": "CVE-2021-43287-d5074253",
        "target": {
            "file": "server/src/main/java/com/thoughtworks/go/addon/businesscontinuity/primary/controller/PrimaryStatusProviderController.java"
        }
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-43287.json"