We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-56321

GoCD can allow malicious GoCD admins to abuse backup configuration to gain additional host access



Description

GoCD is a continuous deliver server. GoCD versions 18.9.0 through 24.4.0 (inclusive) can allow GoCD admins to abuse the backup configuration "post-backup script" feature to potentially execute arbitrary scripts on the hosting server or container as GoCD's user, rather than pre-configured scripts. In practice the impact of this vulnerability is limited, as in most configurations a user who can log into the GoCD UI as an admin also has host administration permissions for the host/container that GoCD runs on, in order to manage artifact storage and other service-level configuration options. Additionally, since a GoCD admin has ability to configure and schedule pipelines tasks on all GoCD agents available to the server, the fundamental functionality of GoCD allows co-ordinated task execution similar to that of post-backup-scripts. However in restricted environments where the host administration is separated from the role of a GoCD admin, this may be unexpected. The issue is fixed in GoCD 24.5.0. Post-backup scripts can no longer be executed from within certain sensitive locations on the GoCD server. No known workarounds are available.

Reserved 2024-12-18 | Published 2025-01-03 | Updated 2025-01-03 | Assigner GitHub_M


LOW: 3.8CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

Problem types

CWE-20: Improper Input Validation

CWE-36: Absolute Path Traversal

Product status

>= 18.9.0, < 24.5.0
affected

References

github.com/gocd/gocd/security/advisories/GHSA-7jr3-gh3w-vjxq

github.com/...ommit/631f315d17fcb73f310eee6c881974c9b55ca9f0

github.com/gocd/gocd/releases/tag/24.5.0

www.gocd.org/releases/

cve.org (CVE-2024-56321)

nvd.nist.gov (CVE-2024-56321)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-56321

Support options

Helpdesk Chat, Email, Knowledgebase
Subscribe to our newsletter to learn more about our work.