Cyber Security News

GoCD Patches Critical Vulnerability Allowing User Privilege Escalation

Cyware

Cyberattack Disrupts Online Services at Sarapu Town Hall

Summary: GoCD has released an urgent security update to fix a critical vulnerability (CVE-2024-56320) that allows authenticated users to escalate their privileges to administrator level. Users are advised to upgrade to version 24.5.0 to mitigate this risk.

Threat Actor: Malicious Insider | malicious insider
Victim: GoCD Users | GoCD Users

Key Point :

  • CVE-2024-56320 has a CVSS score of 9.4, indicating a critical vulnerability.
  • The flaw allows authenticated users to access admin-level information and escalate privileges.
  • Immediate upgrade to GoCD version 24.5.0 is strongly recommended.
  • Temporary mitigation measures include blocking access to vulnerable paths and reducing the user base.

Open-source CI/CD platform GoCD has released an urgent security update to address a critical vulnerability, CVE-2024-56320 (CVSS 9.4), that could allow malicious authenticated users to escalate their privileges to administrator level.

The vulnerability, identified in GoCD versions prior to 24.5.0, stems from “improper authorization of access to the admin ‘Configuration XML’ UI feature, and its associated API.” This flaw could enable attackers to gain unauthorized access to sensitive information and potentially take complete control of the GoCD system.

According to the official security advisory, “a malicious insider/existing authenticated GoCD user with an existing GoCD user account could abuse this vulnerability to access information intended only for GoCD admins, or to escalate their privileges to that of a GoCD admin in a persistent manner.”

The GoCD project emphasizes that this vulnerability cannot be exploited without prior authentication. “It is not possible for this vulnerability to be abused prior to authentication/login,” the advisory states.

Immediate Action Recommended

Users are strongly urged to update to GoCD version 24.5.0, which includes the necessary patch to remediate this vulnerability.

For those unable to immediately upgrade, the GoCD project suggests implementing temporary mitigation measures:

  • Block access to vulnerable paths: Utilize a reverse proxy, web application firewall (WAF), or similar security mechanism to block external access to paths with the /go/rails/ prefix. “Blocking this route causes no loss of functionality,” assures the advisory.
  • Reduce the user base: Limit access to GoCD to a smaller group of trusted users. This may involve temporarily disabling plugins like the “guest-login-plugin,” which allows limited anonymous access.

Organizations using GoCD are urged to take immediate action to protect their CI/CD pipelines from potential compromise.

Related Posts:

Source:
https://securityonline.info/gocd-patches-critical-vulnerability-allowing-user-privilege-escalation/