Baiyecha404

**Name of the Vulnerable Software and Affected Versions** GoCD versions prior to 24.4.0 **Description** The issue is related to the incorrect restriction of XML external entity references in GoCD, a continuous delivery server. This can allow "group admins" to abuse the ability to edit raw XML configurations, potentially leading to XML External Entity (XXE) injection attacks on the GoCD server. Theoretically, this could result in additional attacks such as Server-Side Request Forgery (SSRF), information disclosure, and directory traversal. However, these additional attacks have not been explicitly demonstrated as exploitable. **Recommendations** For versions prior to 24.4.0, consider updating to version 24.5.0 or later, which includes the fix for this issue. As a temporary workaround, consider blocking access to `/go/*/pipelines/snippet` routes from an external reverse proxy or WAF if "group admin" users do not need the functionality to edit the XML of pipelines directly. Additionally, consider preventing external access from the GoCD server to arbitrary locations using environment egress control.

**Name of the Vulnerable Software and Affected Versions** GoCD versions prior to 24.5.0 **Description** The issue is related to improper authorization of access to the admin "Configuration XML" UI feature and its associated API in the GoCD system, allowing a malicious insider or existing authenticated user to escalate their privileges to that of a GoCD admin. The vulnerability can be exploited by a remote attacker, but it requires existing authentication. The estimated number of potentially affected devices is not specified. **Recommendations** For GoCD versions prior to 24.5.0, upgrade to version 24.5.0 to fix the issue. As a temporary workaround, consider using a reverse proxy, WAF, or similar to externally block access paths with a `/go/rails/` prefix. If it is not possible to upgrade or block the above route, consider reducing the GoCD user base to a more trusted set of users, including temporarily disabling the use of plugins such as the guest-login-plugin.

**Name of the Vulnerable Software and Affected Versions** GoCD versions 16.7.0 through 24.4.0 **Description** The issue is related to an XML External Entity (XXE) injection vulnerability in the GoCD server, which can be exploited by a remote attacker. This vulnerability is associated with the incorrect restriction of XML links to external objects. The impact of this vulnerability is limited, as only GoCD admins have the ability to abuse it. However, a malicious GoCD admin can cause significant damage. **Recommendations** For GoCD versions 16.7.0 through 24.4.0, update to version 24.5.0 to resolve the issue. As a temporary workaround, consider preventing external access from the GoCD server to arbitrary locations using environment egress control.

**Name of the Vulnerable Software and Affected Versions** GoCD versions 18.9.0 through 24.4.0 **Description** The issue exists due to incorrect restriction of the path name to a directory with limited access. This can allow a remote attacker to execute arbitrary code. Specifically, GoCD admins can abuse the backup configuration "post-backup script" feature to potentially execute arbitrary scripts on the hosting server or container as GoCD's user. The impact of this vulnerability is limited in most configurations, as a user who can log into the GoCD UI as an admin often has host administration permissions. However, in restricted environments where host administration is separated from the role of a GoCD admin, this may be unexpected. **Recommendations** For GoCD versions 18.9.0 through 24.4.0, update to version 24.5.0 or later, where post-backup scripts can no longer be executed from within certain sensitive locations on the GoCD server. As a temporary workaround, consider restricting access to the backup configuration "post-backup script" feature to minimize the risk of exploitation. Additionally, restrict the ability of GoCD admins to configure and schedule pipeline tasks on all GoCD agents available to the server, to prevent co-ordinated task execution similar to that of post-backup-scripts.

**Name of the Vulnerable Software and Affected Versions** LinkedIn dustjs versions up to 2.x LinkedIn dustjs version 3.0.0 **Description** A vulnerability was found in LinkedIn dustjs, allowing for improperly controlled modification of object prototype attributes, also known as 'prototype pollution'. This issue can be exploited remotely. The exploit has been disclosed to the public. **Recommendations** For LinkedIn dustjs versions up to 2.x, upgrade to version 3.0.0 to address this issue. For LinkedIn dustjs version 3.0.0, upgrade to version 3.0.1 to address this issue.