4 matches found
GO-2024-2998 Woodpecker's custom environment variables allow to alter execution flow of plugins in go.woodpecker-ci.org/woodpecker
Woodpecker's custom environment variables allow to alter execution flow of plugins in go.woodpecker-ci.org/woodpecker...
GHSA-3WF2-2PQ4-4RVC Woodpecker's custom environment variables allow to alter execution flow of plugins
Impact The server allow to create any user who can trigger a pipeline run malicious workflows: - Those workflows can either lead to a host takeover that runs the agent executing the workflow. - Or allow to extract the secrets who would be normally provided to the plugins who's entrypoint are...
CVE-2024-41122 Custom environment variables allow to alter execution flow of plugins in Woodpecker
Woodpecker is a simple yet powerful CI/CD engine with great extensibility. The server allow to create any user who can trigger a pipeline run malicious workflows: 1. Those workflows can either lead to a host takeover that runs the agent executing the workflow. 2. Or allow to extract the secrets w...
CVE-2024-41122 Custom environment variables allow to alter execution flow of plugins in Woodpecker
Woodpecker is a simple yet powerful CI/CD engine with great extensibility. The server allow to create any user who can trigger a pipeline run malicious workflows: 1. Those workflows can either lead to a host takeover that runs the agent executing the workflow. 2. Or allow to extract the secrets w...