CVE-2021-44659

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-44659

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-44659.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-44659

Published

2021-12-22T18:15:08.013Z

Modified

2026-04-10T04:41:28.745196Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Adding a new pipeline in GoCD server version 21.3.0 has a functionality that could be abused to do an un-intended action in order to achieve a Server Side Request Forgery (SSRF). NOTE: the vendor's position is that the observed behavior is not a vulnerability, because the product's design allows an admin to configure outbound requests

References

Affected packages

Git / github.com/gocd/gocd

Affected ranges

Type

GIT

Repo

https://github.com/gocd/gocd

Events

Introduced

Last affected

4c4bb4780eb0d3fc4cacfc4cfcc0b07e2eaf0595

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "21.3.0"
        }
    ]
}

Affected versions

14.*

14.2.0

14.3.0

14.4.0

15.*

15.1.0

15.2.0

15.3.0

16.*

16.1.0

16.10.0

16.11.0

16.12.0

16.2.0

16.3.0

16.4.0

16.5.0

16.6.0

16.7.0

16.8.0

16.9.0

17.*

17.1.0

17.10.0

17.11.0

17.12.0

17.2.0

17.3.0

17.4.0

17.5.0

17.6.0

17.7.0

17.8.0

17.9.0

18.*

18.1.0

18.10.0

18.11.0

18.12.0

18.2.0

18.3.0

18.4.0

18.5.0

18.6.0

18.7.0

18.8.0

18.9.0

19.*

19.1.0

19.10.0

19.11.0

19.12.0

19.2.0

19.3.0

19.4.0

19.5.0

19.6.0

19.7.0

19.8.0

19.9.0

20.*

20.1.0

20.10.0

20.2.0

20.3.0

20.4.0

20.5.0

20.6.0

20.7.0

20.8.0

20.9.0

21.*

21.1.0

21.2.0

21.3.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-44659.json"