CVE-2024-41121
- EPSS 0.33%
- Veröffentlicht 19.07.2024 20:15:08
- Zuletzt bearbeitet 21.11.2024 09:32:16
Woodpecker is a simple yet powerful CI/CD engine with great extensibility. The server allow to create any user who can trigger a pipeline run malicious workflows: 1. Those workflows can either lead to a host takeover that runs the agent executing the...
CVE-2024-41122
- EPSS 0.23%
- Veröffentlicht 19.07.2024 20:15:08
- Zuletzt bearbeitet 21.11.2024 09:32:16
Woodpecker is a simple yet powerful CI/CD engine with great extensibility. The server allow to create any user who can trigger a pipeline run malicious workflows: 1. Those workflows can either lead to a host takeover that runs the agent executing the...
CVE-2023-40034
- EPSS 0.3%
- Veröffentlicht 16.08.2023 21:15:10
- Zuletzt bearbeitet 21.11.2024 08:18:33
Woodpecker is a community fork of the Drone CI system. In affected versions an attacker can post malformed webhook data witch lead to an update of the repository data that can e.g. allow the takeover of an repo. This is only critical if the CI is con...
CVE-2022-29947
- EPSS 0.23%
- Veröffentlicht 29.04.2022 21:15:07
- Zuletzt bearbeitet 21.11.2024 07:00:02
Woodpecker before 0.15.1 allows XSS via build logs because web/src/components/repo/build/BuildLog.vue lacks escaping.