This is a summary of the AI-generated 10-question deep analysis.
Q1. What is this vulnerability? (Essence + Consequences)
**Essence**: A critical info leak & RCE in GoCD. **Consequences**: Attackers can execute arbitrary code and steal secrets/keys via command injection in Git URL testing.
Q2. Root Cause? (CWE/Flaw)
**Root Cause**: Command Injection. **Flaw**: The Git URL 'Test Connection' feature fails to sanitize inputs, allowing malicious commands to run on the server.
Q3. Who is affected? (Versions/Components)
**Affected**: ThoughtWorks GoCD. **Versions**: All versions **prior to 21.3.0**. **Component**: CI/CD Server pipeline creation module.
**Threshold**: Medium. **Auth**: Requires ability to **create new pipelines** on the server. **Config**: No unauthenticated access needed; needs basic pipeline creation rights.
Q6. Is there a public Exp? (PoC/Wild Exploitation)
**Public Exp**: YES. **PoC/EXP**: Available on GitHub (Wrin9) and Nuclei templates. **Status**: Active exploitation tools exist for file read and command execution.
Q7. How to self-check? (Features/Scanning)
**Self-Check**: Use Nuclei templates or PoC scripts. **Scan**: Target the Git URL 'Test Connection' endpoint. **Verify**: Check for command output or file content leakage.
Q8. Is it fixed officially? (Patch/Mitigation)
**Fixed**: YES. **Patch**: Upgrade to **GoCD 21.3.0** or later. **Source**: Official release notes and GitHub commits confirm the fix.
Q9. What if no patch? (Workaround)
**No Patch?**: Restrict pipeline creation permissions. **Mitigation**: Block external Git URL testing or isolate the server. **Action**: Limit network access to GoCD admin interfaces.
Q10. Is it urgent? (Priority Suggestion)
**Urgency**: HIGH. **Priority**: Critical. **Reason**: Easy to exploit, leads to full server compromise & data theft. **Action**: Patch immediately!