Executive Summary

Information
Name: CVE-2022-36088
Vendor: Cve
First vendor publication: 2022-09-07
Last vendor modification: 2022-09-16

Security-Database Scoring CVSS v3

CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Overall CVSS Score: 5.5
Base Score: 5.5
Environmental Score: 5.5
Impact Sub Score: 3.6
Temporal Score: 5.5
Exploitability Sub Score: 1.8
 
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: High
Availability Impact: None

Security-Database Scoring CVSS v2

CVSS vector:
CVSS Base Score: N/A
CVSS Impact Score: N/A
CVSS Exploit Score: N/A
Attack Range: N/A
Attack Complexity: N/A
Authentication: N/A

Detail

GoCD is a continuous delivery server. Windows installations of GoCD prior to 22.2.0, made with either the server or the agent installer, do not adequately restrict permissions when installed outside of the default location. This could allow a malicious user with local access to the machine on which the GoCD Server or Agent is installed to modify executables or components of the installation. This does not affect zip file-based installs, installations to other platforms, or installations inside `Program Files` or `Program Files (x86)`. This issue is fixed in the GoCD 22.2.0 installers. As a workaround, if the server or agent is installed outside of `Program Files (x86)`, verify the permissions of the Server or Agent installation directory to ensure the `Everyone` user group does not have `Full Control`, `Modify` or `Write` permissions.
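One way to carry out the permission check from the workaround, as an added example that is not part of the advisory or of GoCD. The install path is a placeholder to replace, and the function name `Get-EveryoneWriteAce` is hypothetical.

```powershell
# Added example: list ACEs that let Everyone (well-known SID S-1-1-0) write to a
# GoCD Server/Agent install tree. The path is a placeholder, not a GoCD default.
param(
    [string]$InstallDir = 'D:\REPLACE\WITH\GOCD\INSTALL\DIR'
)

function Get-EveryoneWriteAce {
    param([Parameter(Mandatory)][string]$Path)

    # Write is contained in Modify and Full Control, so one mask covers all three
    # rights the advisory names. Inherit-only ACEs can carry raw generic bits
    # instead (GENERIC_WRITE 0x40000000, GENERIC_ALL 0x10000000); include them too.
    $writeMask = [int][System.Security.AccessControl.FileSystemRights]::Write `
        -bor 0x40000000 -bor 0x10000000
    $sidType = [System.Security.Principal.SecurityIdentifier]

    # Check the root directory and everything below it, hidden items included.
    $items = @(Get-Item -LiteralPath $Path -Force) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)

    foreach ($item in $items) {
        $acl = Get-Acl -LiteralPath $item.FullName
        # Ask for SIDs so the match does not depend on the localized group name.
        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            $isEveryone = $ace.IdentityReference.Value -eq 'S-1-1-0'
            $isAllow    = $ace.AccessControlType -eq 'Allow'
            $canWrite   = ([int]$ace.FileSystemRights -band $writeMask) -ne 0
            if ($isEveryone -and $isAllow -and $canWrite) {
                [pscustomobject]@{
                    Path      = $item.FullName
                    Rights    = $ace.FileSystemRights
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}

$findings = @(Get-EveryoneWriteAce -Path $InstallDir)
if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize -Wrap
    Write-Warning "Everyone can write to $($findings.Count) item(s) under $InstallDir"
    exit 1
}
Write-Output "No write-capable Everyone ACEs found under $InstallDir"
```

Rows with `Inherited` set to `True` get the entry from a parent directory, so the permission has to be corrected where it is defined rather than on the listed item.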

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36088

CPE : Common Platform Enumeration

Type Description Count
Application 2

Sources (Detail)

Source Url
CONFIRM https://github.com/gocd/gocd/security/advisories/GHSA-gpv4-xqhc-5vcj
MISC https://github.com/gocd/gocd/commit/96add9605096ab50c5cd4c229be1d503aff506a6
https://github.com/gocd/gocd/releases/tag/22.2.0
https://www.gocd.org/releases/#22-2-0

Alert History

Date Information
2022-09-16 21:27:22
  • Multiple Updates
2022-09-08 09:27:12
  • Multiple Updates
2022-09-08 05:27:11
  • First insertion