By kannthu
The "GoCd Unauth Dashboard" module is a test case designed to detect misconfigurations in the GoCD software. GoCD is an open-source continuous delivery server that helps automate and streamline the build, test, and release processes. This module specifically targets the unauthenticated dashboard of GoCD.
This module has a severity level of medium, indicating that it can potentially lead to security vulnerabilities if left unaddressed.
If the "GoCd Unauth Dashboard" module detects a misconfiguration, it means that the GoCD dashboard is accessible without authentication. This can expose sensitive information and potentially allow unauthorized access to the GoCD server.
The "GoCd Unauth Dashboard" module works by sending an HTTP GET request to the "/go/admin/pipelines/create?group=defaultGroup" endpoint of the GoCD server. It then applies a series of matching conditions to determine if the misconfiguration is present.
The matching conditions for this module are as follows:
- The response body must contain the HTML title tag "<title>Create a pipeline - Go</title>".
- The response headers must include the "Content-Type" header with a value of "text/html".
- The response status code must be 200.
If all of these conditions are met, the module will report a vulnerability, indicating that the GoCD dashboard is accessible without authentication.
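The three matching conditions above can be reproduced as a self-check against a GoCD server you operate. This is an added example, not Vidoc's module code: `evaluate`, `check_own_server` and the sample responses are names and data constructed here for illustration, and the substring match on Content-Type is an assumption about how the "text/html" condition is applied.

```python
import urllib.error
import urllib.request

PROBE_PATH = "/go/admin/pipelines/create?group=defaultGroup"  # endpoint named on the page
TITLE_MARKER = "<title>Create a pipeline - Go</title>"  # body matcher named on the page

# Constructed sample responses (status, headers, body); not captured from a real server.
SAMPLES = {
    "exposed": (200, {"content-type": "text/html; charset=utf-8"},
                "<html><head><title>Create a pipeline - Go</title></head></html>"),
    "login_redirect": (302, {"Location": "/go/auth/login"}, ""),
    "login_page": (200, {"Content-Type": "text/html"}, "<title>Login - Go</title>"),
}


def evaluate(status, headers, body):
    """Return (matched, per-condition results); all three conditions must hold."""
    # HTTP header names are case-insensitive, so normalise before the lookup.
    content_type = {k.lower(): v for k, v in headers.items()}.get("content-type", "")
    results = {
        "status_200": status == 200,
        # Substring match so "text/html; charset=utf-8" still qualifies.
        "content_type_html": "text/html" in content_type.lower(),
        "title_present": TITLE_MARKER in body,
    }
    return all(results.values()), results


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # do not follow; a 3xx then surfaces as HTTPError


def check_own_server(base_url, timeout=10):
    """Fetch the probe path from a GoCD server you operate and evaluate it."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(base_url.rstrip("/") + PROBE_PATH, timeout=timeout) as resp:
            body = resp.read().decode("utf-8", "replace")
            return evaluate(resp.status, dict(resp.headers.items()), body)
    except urllib.error.HTTPError as err:  # redirect to login, 401, 403, 404 ...
        return evaluate(err.code, dict(err.headers.items()), "")


if __name__ == "__main__":
    for name, sample in SAMPLES.items():
        print(name, *evaluate(*sample))
```

A redirect to the login page or a 200 response with a different title fails the check, which is the expected result once authentication is enforced on the server.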