Woodpecker-ci

Woodpecker

4 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2024-41121

  • EPSS 0.33%
  • Published 19.07.2024 20:15:08
  • Last modified 21.11.2024 09:32:16

Woodpecker is a simple yet powerful CI/CD engine with great extensibility. The server allow to create any user who can trigger a pipeline run malicious workflows: 1. Those workflows can either lead to a host takeover that runs the agent executing the...

8.8

CVE-2024-41122

  • EPSS 0.23%
  • Published 19.07.2024 20:15:08
  • Last modified 21.11.2024 09:32:16

Woodpecker is a simple yet powerful CI/CD engine with great extensibility. The server allow to create any user who can trigger a pipeline run malicious workflows: 1. Those workflows can either lead to a host takeover that runs the agent executing the...

8.1

CVE-2023-40034

  • EPSS 0.3%
  • Published 16.08.2023 21:15:10
  • Last modified 21.11.2024 08:18:33

Woodpecker is a community fork of the Drone CI system. In affected versions an attacker can post malformed webhook data witch lead to an update of the repository data that can e.g. allow the takeover of an repo. This is only critical if the CI is con...

6.1

CVE-2022-29947

  • EPSS 0.23%
  • Published 29.04.2022 21:15:07
  • Last modified 21.11.2024 07:00:02

Woodpecker before 0.15.1 allows XSS via build logs because web/src/components/repo/build/BuildLog.vue lacks escaping.