CVE-2022-29182 is a DOM-based Cross-Site Scripting (XSS) vulnerability affecting GoCD, a continuous delivery server widely used for automating software deployment pipelines. The vulnerability exists in GoCD versions 19.11.0 through 21.4.0 inclusive. Specifically, the issue arises in the Stage Details > Graphs tab of a pipeline run, where improper neutralization of input allows malicious scripts to be injected and executed within the context of a user's browser session. The attack vector involves abuse of a messaging channel used for communication between the parent page and an iframe displaying the stage details graph. An attacker hosting a malicious website can trick a GoCD user into visiting their site, which then exploits this messaging channel to execute arbitrary JavaScript in the user's browser. This can lead to theft of session cookies, enabling session hijacking, or execution of other malicious code with the privileges of the authenticated GoCD user. The vulnerability is classified under CWE-79, indicating improper input sanitization during web page generation. The flaw was fixed in GoCD version 22.1.0, and no known workarounds exist for vulnerable versions. There are currently no reports of active exploitation in the wild. The vulnerability requires the victim to interact with a malicious site, but no authentication bypass is involved beyond the victim being logged into GoCD. The impact is limited to users who access the vulnerable interface and interact with the malicious content, but the consequences can be severe if session tokens or credentials are compromised, potentially allowing attackers to manipulate CI/CD pipelines or access sensitive build and deployment data.

For European organizations, this vulnerability poses a significant risk to the integrity and confidentiality of their software delivery processes. GoCD is used by enterprises to automate and manage complex deployment pipelines, often involving sensitive intellectual property and production infrastructure. Successful exploitation could allow attackers to hijack user sessions, leading to unauthorized access to pipeline configurations, source code repositories, or deployment environments. This could result in unauthorized code changes, insertion of malicious code into production builds, or disruption of delivery workflows. The attack requires user interaction with a malicious site, but given the prevalence of phishing and social engineering, the risk remains tangible. Organizations in sectors with stringent compliance requirements, such as finance, healthcare, and critical infrastructure, could face regulatory and reputational damage if their CI/CD systems are compromised. Additionally, the lack of known workarounds means vulnerable instances remain exposed until upgraded, increasing the window of risk. The medium severity rating reflects the attack complexity and scope, but the potential downstream impact on software supply chain security elevates the threat's importance for European enterprises relying on GoCD.

1. Immediate upgrade to GoCD version 22.1.0 or later is the most effective mitigation to eliminate the vulnerability. 2. Restrict access to the GoCD web interface using network segmentation and firewall rules to limit exposure to trusted users and networks only. 3. Implement strict Content Security Policy (CSP) headers on the GoCD server to reduce the risk of executing unauthorized scripts. 4. Educate users about phishing and social engineering risks to reduce the likelihood of visiting attacker-controlled sites. 5. Monitor GoCD logs and user activity for unusual behavior that could indicate exploitation attempts. 6. Where possible, enforce multi-factor authentication (MFA) on GoCD user accounts to reduce the impact of stolen session cookies. 7. Consider deploying web application firewalls (WAFs) with custom rules to detect and block suspicious messaging channel abuse patterns. 8. Regularly audit and review pipeline configurations and access controls to detect unauthorized changes promptly. These steps go beyond generic advice by focusing on layered defenses tailored to the nature of this DOM-based XSS and the operational context of GoCD.