GoCD: Imperfect CSRF To Overwrite Server Config at /go/admin/restful/configuration/file/POST/xml
The /go/admin/restful/configuration/file/POST/xml path is vulnerable to Cross-Site Request Forgery (CSRF), which can result in an unauthorized user adding to the server's cruise-config.xml and gaining complete control of the server. Successful exploitation is made difficult by the need for the admin to be...