Critical flaw in GoCD provides platform for supply chain attacks Vulnerability in software used by Fortune 500 firms raises fears of SolarWinds-like impact October 28, 2021 https://portswigger.net/daily-swig/critical-flaw-in-gocd-provides-platform-for-supply-chain-attacks SonarSource: Agent 007: Pre-Auth Takeover of Build Pipelines in GoCD
GoCD bug chain provides second springboard to supply chain attacks Follow-up to recent GoCD disclosure provides additional path to infiltrating build environments November 11, 2021 https://portswigger.net/daily-swig/...es-second-springboard-to-supply-chain-attacks
