4 matches found
CVE-2026-57296
Jenkins External Workspace Manager Plugin 1.3.2 and earlier does not reject path traversal sequences in the custom workspace path provided to the exwsAllocate Pipeline step, allowing attackers with Item/Configure permission to read arbitrary files on the Jenkins controller file system, which can...
Woodpecker's custom workspace allow to overwrite plugin entrypoint executable
Impact The server allow to create any user who can trigger a pipeline run malicious workflows: - Those workflows can either lead to a host takeover that runs the agent executing the workflow. - Or allow to extract the secrets who would be normally provided to the plugins who's entrypoint are...
GHSA-XW35-RRCP-G7XM Woodpecker's custom workspace allow to overwrite plugin entrypoint executable
Impact The server allow to create any user who can trigger a pipeline run malicious workflows: - Those workflows can either lead to a host takeover that runs the agent executing the workflow. - Or allow to extract the secrets who would be normally provided to the plugins who's entrypoint are...
PT-2024-29277 · Unknown · Woodpecker
Name of the Vulnerable Software and Affected Versions: Woodpecker versions prior to 2.7.0 Description: The server allows any user to create and trigger malicious workflows, potentially leading to a host takeover or extraction of secrets normally provided to plugins. This issue can be exploited...