Woodpecker CI/CD Engine Vulnerability: Upgrade Now to Avoid Malicious Workflows
CVE-2024-41122

8.8HIGH

Key Information:

Vendor

Woodpecker-ci

Status
Woodpecker
Vendor
CVE Published:
19 July 2024

What is CVE-2024-41122?

The Woodpecker CI/CD engine has a significant security vulnerability that allows unauthorized users to create malicious workflows capable of executing harmful actions on host systems. Specifically, these workflows can lead to a complete host takeover by executing arbitrary code with elevated privileges or facilitate the unauthorized extraction of sensitive secrets stored within the application. To mitigate this risk, affected users should promptly upgrade to the fixed version, 2.7.0, as there are currently no known workarounds available.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

woodpecker < 2.7.0

References

https://github.com/woodpecker-ci/woodpecker/security/advi...
x_refsource_CONFIRM
https://github.com/woodpecker-ci/woodpecker-security/issu...
x_refsource_MISC
https://github.com/woodpecker-ci/woodpecker/issues/3929
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.