Company
Date Published
Author
Simon Scannell and Thomas Chauchefoin
Word count
2446
Language
English
Hacker News points
None

Summary

GoCD, a popular Java-based CI/CD server, contains three further vulnerabilities that become exploitable once an attacker has already bypassed its authentication. The first lets an attacker act on behalf of administrators and force them to perform security-sensitive actions without their knowledge. The second lets an attacker execute arbitrary commands on the server hosting GoCD. The third is a cross-site scripting flaw: an attacker can inject malicious HTML elements into the job status page and, from there, take control of components within a release pipeline. All three issues are fixed in GoCD 21.3.0, and users are strongly advised to upgrade to that version or later. The GoCD Security Team handled the disclosure process efficiently and reacted quickly to address the issues.