GoCd Cruise Configuration disclosure

By kannthu

High
Vidoc Module
#go #gocd #config #exposure #misconfig
Description

What is the "GoCd Cruise Configuration disclosure"?

The "GoCd Cruise Configuration disclosure" module is designed to detect misconfigurations in the GoCD Cruise Configuration. GoCD is an open-source continuous delivery server that helps automate and streamline the build, test, and release processes. This module focuses on identifying specific sensitive information exposed in the configuration, such as server agentAutoRegisterKey, webhookSecret, and tokenGenerationKey. The severity of this vulnerability is classified as high.

Author: dhiyaneshDk

Impact

If the GoCD Cruise Configuration is exposed and contains sensitive information, it can be exploited by attackers to gain unauthorized access, manipulate pipelines, or perform other malicious activities. This can lead to a compromise of the entire continuous delivery process and potentially expose sensitive data or disrupt the software development lifecycle.

How does the module work?

The "GoCd Cruise Configuration disclosure" module works by sending an HTTP GET request to the "/go/add-on/business-continuity/api/cruise_config" endpoint. It then applies matching conditions to determine if the response indicates a misconfiguration. The matching conditions include checking for a successful HTTP status code (200) and the presence of specific keywords like "server agentAutoRegisterKey", "webhookSecret", and "tokenGenerationKey" in the response body.

Example HTTP request:

GET /go/add-on/business-continuity/api/cruise_config

The module matches the response against the defined conditions, and if all conditions are met, it reports the vulnerability.
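The matching logic described above can be reproduced offline against a saved response. The following is an added example, not the Vidoc module's own code: the function names and sample responses are constructed for illustration, and requiring all three keywords (rather than any one) is an assumption. It also masks the key values so the finding can be filed without re-leaking them.

```python
import re

# Endpoint and keywords are the ones named on this page.
ENDPOINT = "/go/add-on/business-continuity/api/cruise_config"
KEYWORDS = ("server agentAutoRegisterKey", "webhookSecret", "tokenGenerationKey")
SECRET_ATTRS = ("agentAutoRegisterKey", "webhookSecret", "tokenGenerationKey")


def matches(status, body):
    """Status must be 200 AND every keyword must appear in the body.
    Requiring all keywords (not any) is an assumption of this example."""
    return status == 200 and all(k in body for k in KEYWORDS)


def redact(body):
    """Mask secret attribute values so the evidence can be stored safely."""
    pattern = r'\b(%s)="[^"]*"' % "|".join(SECRET_ATTRS)
    return re.sub(pattern, r'\1="[REDACTED]"', body)


def evaluate(status, body):
    """Return a finding dict for an exposed config, else None."""
    if not matches(status, body):
        return None
    exposed = [a for a in SECRET_ATTRS if re.search(r'\b%s="[^"]+"' % a, body)]
    return {"endpoint": ENDPOINT, "severity": "high",
            "exposed": exposed, "evidence": redact(body)}


# Constructed sample responses (not captured from any real server).
SAMPLE_CONFIG = (
    '<cruise>\n'
    '  <server agentAutoRegisterKey="EXAMPLE-AGENT-KEY" '
    'webhookSecret="EXAMPLE-WEBHOOK" tokenGenerationKey="EXAMPLE-TOKEN"/>\n'
    '</cruise>'
)
SAMPLES = {
    "exposed": (200, SAMPLE_CONFIG),
    "login_page": (200, "<html><title>Login - Go</title></html>"),
    "blocked": (403, SAMPLE_CONFIG),
}

if __name__ == "__main__":
    for name, (status, body) in SAMPLES.items():
        finding = evaluate(status, body)
        print(name, "->", finding["exposed"] if finding else "no match")
```

The "login_page" and "blocked" samples show why both conditions are combined: a 200 response without the keywords, or the keywords behind a non-200 status, does not count as a disclosure.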

Reference
- https://attackerkb.com/assessments/9101a539-4c6e-4638-a2ec-12080b7e3b50
- https://blog.sonarsource.com/gocd-pre-auth-pipeline-takeover
- https://twitter.com/wvuuuuuuuuuuuuu/status/1456316586831323140

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /go/add-on/business-...
Matching conditions
status: 200 and
word: server agentAutoRegisterKey, webhookSecr...
Passive global matcher
No matching conditions.
On match action
Report vulnerability