
GoCd Unauth Dashboard

By kannthu

Severity: Medium
#go#gocd#unauth#misconfig
Description

What is the "GoCd Unauth Dashboard" module?

The "GoCd Unauth Dashboard" module is a test case that detects a misconfigured GoCD instance. GoCD is an open-source continuous delivery server that automates build, test, and release pipelines. This module checks whether a page of GoCD's administrative UI, the "Create a pipeline" form, is served to a client that presents no session cookie or credentials at all.

This module is rated medium severity: on its own the finding is a missing access control on the web UI, but it is the kind of gap that is routinely chained into something worse, because a CD server holds pipeline definitions, repository and deployment credentials, and the ability to run jobs on agents.

Impact

If the module reports a match, the GoCD administrative UI is reachable without authentication. At minimum this exposes pipeline names, groups, and configuration details to anyone who can reach the server; since the probed page is the pipeline-creation form, an unauthenticated user may also be able to create or change pipelines, which on a CD server is a short step to executing code on build agents or pushing to deployment targets. The fix is to enable authentication (for example a password file or LDAP/OAuth authorization plugin) on the GoCD server and to confirm that anonymous requests are redirected to the login page.

How does the module work?

The module sends a single unauthenticated HTTP GET request to the "/go/admin/pipelines/create?group=defaultGroup" endpoint of the GoCD server and then applies three matching conditions to the response to decide whether the misconfiguration is present.

The matching conditions for this module are as follows:

- The response body must contain the HTML title tag "<title>Create a pipeline - Go</title>".
- The response headers must include a "Content-Type" header containing "text/html" (a substring match, so the usual "text/html; charset=utf-8" also matches).
- The response status code must be 200.

Only if all three conditions are met does the module report a vulnerability. The combination matters: a correctly configured GoCD server answers an anonymous request to this URL with a redirect to the login page (a 3xx status, and a different title if the redirect is followed), so neither the status check nor the title check matches, and a login form that happens to return 200 still fails the title check.
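The following script is an added example, not Vidoc's own module code, that re-implements the same probe and the same three AND-ed matching conditions in plain Python so they can be run or unit-tested outside the scanner. The sample responses at the bottom are constructed for illustration, not captured from a real GoCD server; the function names, the `User-Agent` value and the 64 KiB body limit are this example's choices.

```python
"""Stand-alone re-implementation of the "GoCd Unauth Dashboard" check.

Added example (not Vidoc's code): one unauthenticated GET to the
pipeline-creation page, then the module's three matching conditions.
"""
import sys
import urllib.error
import urllib.request

# Endpoint and matchers exactly as listed on the module page.
PROBE_PATH = "/go/admin/pipelines/create?group=defaultGroup"
TITLE_MARKER = "<title>Create a pipeline - Go</title>"
CONTENT_TYPE_MARKER = "text/html"
EXPECTED_STATUS = 200


def matches(status, headers, body):
    """Apply the module's AND-ed conditions to one HTTP response.

    `headers` is any mapping of header name -> value. Names are compared
    case-insensitively because HTTP header names are. The Content-Type
    condition is a substring match, so "text/html; charset=utf-8" (what a
    real server sends) satisfies it, while "application/json" does not.
    """
    if status != EXPECTED_STATUS:
        return False
    content_type = ""
    for name, value in headers.items():
        if name.lower() == "content-type":
            content_type = value
            break
    if CONTENT_TYPE_MARKER not in content_type:
        return False
    return TITLE_MARKER in body


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Refuse to follow redirects: a 302 to /go/auth/login must be judged
    as the 302 it is, not as the 200 login page behind it."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # urllib then raises HTTPError for the 3xx


def probe(base_url, timeout=10):
    """Send the anonymous GET and return (finding, status_code).

    No cookies, no Authorization header: the whole point is to see what
    the server gives to a client that has not logged in.
    """
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(
        base_url.rstrip("/") + PROBE_PATH,
        headers={"User-Agent": "gocd-unauth-check"},  # assumed UA string
    )
    try:
        with opener.open(req, timeout=timeout) as resp:
            status = resp.status
            headers = dict(resp.headers.items())
            body = resp.read(65536).decode("utf-8", "replace")
    except urllib.error.HTTPError as e:  # 3xx (unfollowed), 4xx, 5xx
        status = e.code
        headers = dict(e.headers.items())
        body = e.read(65536).decode("utf-8", "replace")
    return matches(status, headers, body), status


# Constructed sample responses (not captured from a real server).
OPEN_ADMIN = (200, {"Content-Type": "text/html; charset=utf-8"},
              "<html><head><title>Create a pipeline - Go</title></head></html>")
LOGIN_REDIRECT = (302, {"Location": "/go/auth/login",
                        "Content-Type": "text/html"}, "")
LOGIN_PAGE = (200, {"content-type": "text/html; charset=utf-8"},
              "<html><head><title>Login - Go</title></head></html>")
JSON_200 = (200, {"Content-Type": "application/json"},
            '{"title": "<title>Create a pipeline - Go</title>"}')


if __name__ == "__main__":
    if len(sys.argv) == 2:
        finding, code = probe(sys.argv[1])
        print(f"{sys.argv[1]}: status={code} vulnerable={finding}")
    else:
        for label, sample in (("open admin UI", OPEN_ADMIN),
                              ("redirect to login", LOGIN_REDIRECT),
                              ("login page", LOGIN_PAGE),
                              ("json body", JSON_200)):
            print(f"{label:>18}: match={matches(*sample)}")
```

Run it with a base URL such as `http://gocd.example.internal:8153` to probe a live server, or with no arguments to see the matcher evaluated against the constructed samples: only the open admin UI sample satisfies all three conditions, the redirect fails on status, the login page fails on title, and the JSON response fails on Content-Type.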

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /go/admin/pipelines/...
Matching conditions
word: <title>Create a pipeline - Go</title> and
word: text/html and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability