CVE-2021-44659

9.8 CRITICAL

📋 TL;DR

CVE-2021-44659 is a Server-Side Request Forgery (SSRF) vulnerability in GoCD server version 21.3.0 that allows authenticated administrators to abuse pipeline creation functionality to make unintended outbound HTTP requests. This could enable attackers to interact with internal systems or bypass network controls. Only GoCD servers with admin users are affected.

💻 Affected Systems

Products:
  • GoCD Server
Versions: 21.3.0
Operating Systems: All platforms running GoCD
Default Config Vulnerable: ⚠️ Yes
Notes: Vendor disputes this is a vulnerability, stating the functionality is by design for admin-configured outbound requests.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could pivot to internal systems, access cloud metadata services, or perform port scanning of internal networks through the vulnerable server.

🟠 Likely Case

Information disclosure from internal services, interaction with internal APIs, or limited internal network reconnaissance.

🟢 If Mitigated

Minimal impact if proper network segmentation and admin user controls are implemented.

🌐 Internet-Facing: MEDIUM - Requires admin credentials but could be exploited if admin accounts are compromised.
🏢 Internal Only: HIGH - Internal attackers with admin access could abuse this to pivot within the network.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires admin credentials. Public proof-of-concept code is available on GitHub.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: N/A

Vendor Advisory: N/A

Restart Required: No

Instructions:

No official patch is available, as the vendor disputes that this is a vulnerability. Consider upgrading to the latest GoCD version and reviewing the configuration.

🔧 Temporary Workarounds

Restrict Admin Access

Platforms: all

Limit admin user accounts to trusted personnel only and implement strong authentication controls.

Network Segmentation

Platforms: all

Implement network controls to restrict GoCD server outbound connections to only necessary endpoints.

🧯 If You Can't Patch

  • Implement strict access controls for admin accounts with multi-factor authentication
  • Deploy network monitoring to detect unusual outbound requests from GoCD server

🔍 How to Verify

Check if Vulnerable:

Check GoCD server version. If running version 21.3.0, the system is potentially vulnerable if admin accounts exist.

Check Version:

Check GoCD server web interface or configuration files for version information.

Verify Fix Applied:

Upgrade to a version later than 21.3.0 and verify admin users cannot make unintended outbound requests through pipeline creation.

📡 Detection & Monitoring

Log Indicators:

  • Unusual pipeline creation events
  • Outbound HTTP requests to unexpected internal IPs

Network Indicators:

  • HTTP requests from GoCD server to internal services not typically accessed

SIEM Query:

source="gocd" AND (event="pipeline_created" OR http_request) AND dest_ip IN (internal_subnets)
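The SIEM query above is pseudo-syntax; the following Python is an added example (not from this page or from the GoCD project) of the same check run over constructed egress log lines, flagging outbound requests from the GoCD server that land in private, loopback, link-local or cloud-metadata address space. The log line format and the `LINE_RE` regex are assumptions; adapt them to the real proxy or egress log in use.

```python
# Added example: flag outbound HTTP requests from a GoCD server that land in
# internal address space. The log line format below is constructed; adapt
# LINE_RE to the real egress/proxy log format.
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed line format: "<ts> <event> user=<name> url=<url>"
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<event>\S+) user=(?P<user>\S+) url=(?P<url>\S+)$")

# Address ranges a CI server should not normally be asked to call out to.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16",                    # loopback, link-local
    "::1/128", "fc00::/7", "fe80::/10",                 # IPv6 equivalents
)]
METADATA_HOSTS = {"169.254.169.254", "metadata.google.internal"}

def classify_destination(url):
    """Return 'metadata', 'internal', 'external' or 'unresolved' for a URL."""
    host = urlsplit(url).hostname or ""
    if host in METADATA_HOSTS:
        return "metadata"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "unresolved"  # hostname: join with DNS logs before deciding
    return "internal" if any(addr in n for n in INTERNAL_NETS) else "external"

def flag_internal_requests(lines):
    """Return (ts, user, url, kind) for outbound requests to internal/metadata."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["event"] != "outbound_http":
            continue
        kind = classify_destination(m["url"])
        if kind in ("internal", "metadata"):
            hits.append((m["ts"], m["user"], m["url"], kind))
    return hits

# Constructed sample lines: a pipeline is created, then the server calls out.
SAMPLE_LOG = """\
2021-12-06T10:00:01Z pipeline_created user=admin url=-
2021-12-06T10:00:05Z outbound_http user=admin url=http://169.254.169.254/latest/meta-data/
2021-12-06T10:00:09Z outbound_http user=admin url=http://10.0.3.7:8500/v1/kv/
2021-12-06T10:01:00Z outbound_http user=build url=https://github.com/example/repo.git
2021-12-06T10:01:30Z outbound_http user=admin url=http://[fe80::1]/
""".splitlines()
```

Calling `flag_internal_requests(SAMPLE_LOG)` returns the metadata-service request and the two private-address requests; the GitHub fetch is a hostname and is reported as unresolved rather than flagged, so pair this with DNS logs before alerting on hostnames.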

🔗 References
