7 matches found
EUVD-2026-37897
Woodpecker is a CI/CD engine. Starting in version 3.0.0 and prior to version 3.14.1, a vulnerability in Woodpecker CI's gRPC layer allowed any authenticated agent to impersonate any other agent on the same server by injecting a forged agentid value into outgoing gRPC metadata. The server correctl...
CVE-2026-50141
Woodpecker is a CI/CD engine. Starting in version 3.0.0 and prior to version 3.14.1, a vulnerability in Woodpecker CI's gRPC layer allowed any authenticated agent to impersonate any other agent on the same server by injecting a forged agentid value into outgoing gRPC metadata. The server correctl...
CVE-2026-50141 Woodpecker gRPC agent_id metadata can be spoofed- cross-tenant agent impersonation
Woodpecker is a CI/CD engine. Starting in version 3.0.0 and prior to version 3.14.1, a vulnerability in Woodpecker CI's gRPC layer allowed any authenticated agent to impersonate any other agent on the same server by injecting a forged agentid value into outgoing gRPC metadata. The server correctl...
CVE-2024-41122
Woodpecker is a simple yet powerful CI/CD engine with great extensibility. The server allow to create any user who can trigger a pipeline run malicious workflows: 1. Those workflows can either lead to a host takeover that runs the agent executing the workflow. 2. Or allow to extract the secrets w...
EUVD-2024-2240
Malicious code in bioql PyPI...
Malicious code in woodpecker-ci (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cff5749234f2b25995b0c9e8c5b6baa0434340fe0646aa21e19eef1e6612812a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-12060 Malicious code in woodpecker-ci (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cff5749234f2b25995b0c9e8c5b6baa0434340fe0646aa21e19eef1e6612812a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...