CVE-2025-36364
📋 TL;DR
IBM DevOps Plan versions 3.0.0 through 3.0.5 store web page cache locally without proper isolation, allowing other users on the same system to read cached data. This affects organizations using these versions of IBM DevOps Plan on multi-user systems where local file access is shared.
💻 Affected Systems
- IBM DevOps Plan
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Sensitive DevOps data (credentials, configuration details, proprietary code) cached in web pages could be extracted by other local users, leading to data breach, privilege escalation, or lateral movement.
Likely Case
Other users on the same system can access cached web content containing potentially sensitive DevOps information, though the exact data exposed depends on what was cached.
If Mitigated
With proper user isolation and access controls, risk is limited as only authorized users can access the local cache directories.
🎯 Exploit Status
Exploitation requires local system access and ability to read files from other users' cache directories. No authentication bypass needed beyond local file system access.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.0.6 or later
Vendor Advisory: https://www.ibm.com/support/pages/node/7261930
Restart Required: Yes
Instructions:
1. Download IBM DevOps Plan version 3.0.6 or later from IBM support. 2. Stop the IBM DevOps Plan service. 3. Install the updated version. 4. Restart the service. 5. Verify the cache isolation is properly implemented.
🔧 Temporary Workarounds
Implement strict file permissions
linuxSet restrictive permissions on IBM DevOps Plan cache directories to prevent other users from reading them
chmod 700 /path/to/devops/cache
chown devopsuser:devopsgroup /path/to/devops/cache
Use separate user accounts
allEnsure IBM DevOps Plan runs under a dedicated user account with no other users sharing that account
🧯 If You Can't Patch
- Implement strict user isolation policies to prevent multiple users from accessing the same system
- Regularly clear the web cache and monitor cache directories for unauthorized access attempts
🔍 How to Verify
Check if Vulnerable:
Check IBM DevOps Plan version via web interface or configuration files. If version is between 3.0.0 and 3.0.5 inclusive, the system is vulnerable.Check Version:
Check the version in the web interface or examine the installation directory for version filesVerify Fix Applied:
After patching to 3.0.6+, verify that cache directories have proper permissions (700 on Linux) and are only accessible by the service account.📡 Detection & Monitoring
Log Indicators:
- Failed access attempts to cache directories from unauthorized users
- Unusual file read patterns in cache directories
Network Indicators:
- No network-based indicators as this is a local vulnerability
SIEM Query:
source="file_access_logs" AND target_path="*devops*cache*" AND user!="devops_service_account"