Lucene search

GoogleOSV:GO-2024-2999

HistoryAug 06, 2024 - 10:03 p.m.

Woodpecker's custom workspace allow to overwrite plugin entrypoint executable in go.woodpecker-ci.org/woodpecker

2024-08-0622:03:16

Google

osv.dev

workspace

overwrite

plugin

entrypoint

executable

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

Low

JSON

Woodpecker’s custom workspace allow to overwrite plugin entrypoint executable in go.woodpecker-ci.org/woodpecker

References

github.com/woodpecker-ci/woodpecker/commit/764329ed1dbc47c4a517ccc749e3feb34059fac8

github.com/woodpecker-ci/woodpecker/issues/3924

github.com/woodpecker-ci/woodpecker/pull/3933

github.com/woodpecker-ci/woodpecker/security/advisories/GHSA-xw35-rrcp-g7xm

nvd.nist.gov/vuln/detail/CVE-2024-41121

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

Low

JSON

Related for OSV:GO-2024-2999