{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-56321", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-12-18T23:44:51.604Z", "datePublished": "2025-01-03T15:41:40.737Z", "dateUpdated": "2025-01-03T17:50:41.277Z"}, "containers": {"cna": {"title": "GoCD can allow malicious GoCD admins to abuse backup configuration to gain additional host access", "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "lang": "en", "description": "CWE-20: Improper Input Validation", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-36", "lang": "en", "description": "CWE-36: Absolute Path Traversal", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/gocd/gocd/security/advisories/GHSA-7jr3-gh3w-vjxq", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/gocd/gocd/security/advisories/GHSA-7jr3-gh3w-vjxq"}, {"name": "https://github.com/gocd/gocd/commit/631f315d17fcb73f310eee6c881974c9b55ca9f0", "tags": ["x_refsource_MISC"], "url": "https://github.com/gocd/gocd/commit/631f315d17fcb73f310eee6c881974c9b55ca9f0"}, {"name": "https://github.com/gocd/gocd/releases/tag/24.5.0", "tags": ["x_refsource_MISC"], "url": "https://github.com/gocd/gocd/releases/tag/24.5.0"}, {"name": "https://www.gocd.org/releases/#24-5-0", "tags": ["x_refsource_MISC"], "url": "https://www.gocd.org/releases/#24-5-0"}], "affected": [{"vendor": "gocd", "product": "gocd", "versions": [{"version": ">= 18.9.0, < 24.5.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-01-03T15:48:22.716Z"}, "descriptions": [{"lang": "en", "value": "GoCD is a continuous deliver server. GoCD versions 18.9.0 through 24.4.0 (inclusive) can allow GoCD admins to abuse the backup configuration \"post-backup script\" feature to potentially execute arbitrary scripts on the hosting server or container as GoCD's user, rather than pre-configured scripts. In practice the impact of this vulnerability is limited, as in most configurations a user who can log into the GoCD UI as an admin also has host administration permissions for the host/container that GoCD runs on, in order to manage artifact storage and other service-level configuration options. Additionally, since a GoCD admin has ability to configure and schedule pipelines tasks on all GoCD agents available to the server, the fundamental functionality of GoCD allows co-ordinated task execution similar to that of post-backup-scripts. However in restricted environments where the host administration is separated from the role of a GoCD admin, this may be unexpected. The issue is fixed in GoCD 24.5.0. Post-backup scripts can no longer be executed from within certain sensitive locations on the GoCD server. No known workarounds are available."}], "source": {"advisory": "GHSA-7jr3-gh3w-vjxq", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-03T17:49:54.699823Z", "id": "CVE-2024-56321", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-03T17:50:41.277Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-56321", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-03T17:49:54.699823Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-03T17:50:18.391Z"}}], "cna": {"title": "GoCD can allow malicious GoCD admins to abuse backup configuration to gain additional host access", "source": {"advisory": "GHSA-7jr3-gh3w-vjxq", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.8, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "gocd", "product": "gocd", "versions": [{"status": "affected", "version": ">= 18.9.0, < 24.5.0"}]}], "references": [{"url": "https://github.com/gocd/gocd/security/advisories/GHSA-7jr3-gh3w-vjxq", "name": "https://github.com/gocd/gocd/security/advisories/GHSA-7jr3-gh3w-vjxq", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/gocd/gocd/commit/631f315d17fcb73f310eee6c881974c9b55ca9f0", "name": "https://github.com/gocd/gocd/commit/631f315d17fcb73f310eee6c881974c9b55ca9f0", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/gocd/gocd/releases/tag/24.5.0", "name": "https://github.com/gocd/gocd/releases/tag/24.5.0", "tags": ["x_refsource_MISC"]}, {"url": "https://www.gocd.org/releases/#24-5-0", "name": "https://www.gocd.org/releases/#24-5-0", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "GoCD is a continuous deliver server. GoCD versions 18.9.0 through 24.4.0 (inclusive) can allow GoCD admins to abuse the backup configuration \"post-backup script\" feature to potentially execute arbitrary scripts on the hosting server or container as GoCD's user, rather than pre-configured scripts. In practice the impact of this vulnerability is limited, as in most configurations a user who can log into the GoCD UI as an admin also has host administration permissions for the host/container that GoCD runs on, in order to manage artifact storage and other service-level configuration options. Additionally, since a GoCD admin has ability to configure and schedule pipelines tasks on all GoCD agents available to the server, the fundamental functionality of GoCD allows co-ordinated task execution similar to that of post-backup-scripts. However in restricted environments where the host administration is separated from the role of a GoCD admin, this may be unexpected. The issue is fixed in GoCD 24.5.0. Post-backup scripts can no longer be executed from within certain sensitive locations on the GoCD server. No known workarounds are available."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20: Improper Input Validation"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-36", "description": "CWE-36: Absolute Path Traversal"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-01-03T15:48:22.716Z"}}}, "cveMetadata": {"cveId": "CVE-2024-56321", "state": "PUBLISHED", "dateUpdated": "2025-01-03T17:50:41.277Z", "dateReserved": "2024-12-18T23:44:51.604Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-01-03T15:41:40.737Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:thoughtworks:gocd:*:*:*:*:*:*:*:*", "matchCriteriaId": "E635C706-A9AD-4E3E-8ADB-D0E39CF5ECC9", "versionEndExcluding": "24.5.0", "versionStartIncluding": "18.9.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "GoCD is a continuous deliver server. GoCD versions 18.9.0 through 24.4.0 (inclusive) can allow GoCD admins to abuse the backup configuration \"post-backup script\" feature to potentially execute arbitrary scripts on the hosting server or container as GoCD's user, rather than pre-configured scripts. In practice the impact of this vulnerability is limited, as in most configurations a user who can log into the GoCD UI as an admin also has host administration permissions for the host/container that GoCD runs on, in order to manage artifact storage and other service-level configuration options. Additionally, since a GoCD admin has ability to configure and schedule pipelines tasks on all GoCD agents available to the server, the fundamental functionality of GoCD allows co-ordinated task execution similar to that of post-backup-scripts. However in restricted environments where the host administration is separated from the role of a GoCD admin, this may be unexpected. The issue is fixed in GoCD 24.5.0. Post-backup scripts can no longer be executed from within certain sensitive locations on the GoCD server. No known workarounds are available."}, {"lang": "es", "value": "GoCD es un servidor de entrega continua. Las versiones de GoCD 18.9.0 a 24.4.0 (incluida) pueden permitir que los administradores de GoCD abusen de la funci\u00f3n de \"script posterior a la copia de seguridad\" de la configuraci\u00f3n de copia de seguridad para ejecutar potencialmente scripts arbitrarios en el servidor o contenedor de alojamiento como usuario de GoCD, en lugar de scripts preconfigurados. En la pr\u00e1ctica, el impacto de esta vulnerabilidad es limitado, ya que en la mayor\u00eda de las configuraciones, un usuario que puede iniciar sesi\u00f3n en la interfaz de usuario de GoCD como administrador tambi\u00e9n tiene permisos de administraci\u00f3n de host para el host/contenedor en el que se ejecuta GoCD, con el fin de administrar el almacenamiento de artefactos y otras opciones de configuraci\u00f3n a nivel de servicio. Adem\u00e1s, dado que un administrador de GoCD tiene la capacidad de configurar y programar tareas de canalizaci\u00f3n en todos los agentes de GoCD disponibles para el servidor, la funcionalidad fundamental de GoCD permite la ejecuci\u00f3n coordinada de tareas similar a la de los scripts posteriores a la copia de seguridad. Sin embargo, en entornos restringidos donde la administraci\u00f3n del host est\u00e1 separada del rol de un administrador de GoCD, esto puede ser inesperado. El problema se solucion\u00f3 en GoCD 24.5.0. Los scripts posteriores a la copia de seguridad ya no se pueden ejecutar desde ciertas ubicaciones confidenciales del servidor GoCD. No se conocen workarounds."}], "id": "CVE-2024-56321", "lastModified": "2025-08-01T20:03:29.550", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 2.5, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2025-01-03T16:15:26.340", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/gocd/gocd/commit/631f315d17fcb73f310eee6c881974c9b55ca9f0"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/gocd/gocd/releases/tag/24.5.0"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/gocd/gocd/security/advisories/GHSA-7jr3-gh3w-vjxq"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://www.gocd.org/releases/#24-5-0"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-36"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{}