GoCD < 21.3.0 Path Traversal

critical Nessus Plugin ID 157066

Synopsis

The GoCD web application running on the remote host is affected by a directory traversal vulnerability.

Description

The GoCD web application running on the remote host has the Business Continuity add-on enabled by default. It is, therefore, affected by a directory traversal vulnerability due to an improper access restriction. An unauthenticated, remote attacker can exploit this, by sending a URI that contains directory traversal characters, to disclose the contents of files located outside of the server's restricted path.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update to GoCD 21.3.0 or later.

See Also

https://www.gocd.org/releases/#21-3-0

https://blog.sonarsource.com/gocd-pre-auth-pipeline-takeover

Plugin Details

Severity: Critical

ID: 157066

File Name: gocd_21_3_0.nasl

Version: 1.2

Type: remote

Family: CGI abuses

Published: 1/25/2022

Updated: 1/25/2022

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: Score based on in depth analysis of the vendor advisory by tenable.

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: manual

CVSS v3

Risk Factor: Critical

Base Score: 10

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:thoughtworks:gocd

Required KB Items: installed_sw/GoCD

Patch Publication Date: 10/27/2021

Vulnerability Publication Date: 10/27/2021