GoCD < 21.3.0 Path Traversal (Direct)

critical Nessus Plugin ID 157068

Synopsis

The GoCD web application running on the remote host is affected by a directory traversal vulnerability.

Description

The GoCD web application running on the remote host has the Business Continuity add-on enabled by default. It is, therefore, affected by a directory traversal vulnerability due to an improper access restriction. An unauthenticated, remote attacker can exploit this, by sending a URI that contains directory traversal characters, to disclose the contents of files located outside of the server's restricted path.

Solution

Update to GoCD 21.3.0 or later.

See Also

https://www.gocd.org/releases/#21-3-0

https://blog.sonarsource.com/gocd-pre-auth-pipeline-takeover

Plugin Details

Severity: Critical

ID: 157068

File Name: gocd_path_traversal.nbin

Version: 1.52

Type: remote

Family: CGI abuses

Published: 1/25/2022

Updated: 11/22/2024

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: Score based on in depth analysis of the vendor advisory by tenable.

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: manual

CVSS v3

Risk Factor: Critical

Base Score: 10

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:thoughtworks:gocd

Required KB Items: installed_sw/GoCD

Patch Publication Date: 10/27/2021

Vulnerability Publication Date: 10/27/2021