{"containers": {"cna": {"affected": [{"product": "gocd", "vendor": "n/a", "versions": [{"status": "affected", "version": "19.6.0, 19.7.0, 19.8.0, 19.9.0, 19.10.0, 19.11.0, 19.12.0, 20.1.0, 20.2.0, 20.3.0, 20.4.0, 20.5.0, 20.6.0, 20.7.0, 20.8.0, 20.9.0, 20.10.0, 21.1.0"}]}], "descriptions": [{"lang": "en", "value": "In GoCD, versions 19.6.0 to 21.1.0 are vulnerable to Cross-Site Request Forgery due to missing CSRF protection at the `/go/api/config/backup` endpoint. An attacker can trick a victim to click on a malicious link which could change backup configurations or execute system commands in the post_backup_script field."}], "problemTypes": [{"descriptions": [{"description": "Cross-Site Request Forgery", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-04-01T17:58:47", "orgId": "478c68dd-22c1-4a41-97cd-654224dfacff", "shortName": "Mend"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25924%2C"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/gocd/gocd/commit/7d0baab0d361c377af84994f95ba76c280048548"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com", "ID": "CVE-2021-25924", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "gocd", "version": {"version_data": [{"version_value": "19.6.0, 19.7.0, 19.8.0, 19.9.0, 19.10.0, 19.11.0, 19.12.0, 20.1.0, 20.2.0, 20.3.0, 20.4.0, 20.5.0, 20.6.0, 20.7.0, 20.8.0, 20.9.0, 20.10.0, 21.1.0"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In GoCD, versions 19.6.0 to 21.1.0 are vulnerable to Cross-Site Request Forgery due to missing CSRF protection at the `/go/api/config/backup` endpoint. \nAn attacker can trick a victim to click on a malicious link which could change backup configurations or execute system commands in the post_backup_script field."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Cross-Site Request Forgery"}]}]}, "references": {"reference_data": [{"name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25924,", "refsource": "MISC", "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25924,"}, {"name": "https://github.com/gocd/gocd/commit/7d0baab0d361c377af84994f95ba76c280048548", "refsource": "MISC", "url": "https://github.com/gocd/gocd/commit/7d0baab0d361c377af84994f95ba76c280048548"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T20:11:28.452Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25924%2C"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/gocd/gocd/commit/7d0baab0d361c377af84994f95ba76c280048548"}]}]}, "cveMetadata": {"assignerOrgId": "478c68dd-22c1-4a41-97cd-654224dfacff", "assignerShortName": "Mend", "cveId": "CVE-2021-25924", "datePublished": "2021-04-01T17:58:47", "dateReserved": "2021-01-22T00:00:00", "dateUpdated": "2024-08-03T20:11:28.452Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}