Lucene search
K

4 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/24 1:20 p.m.6 views

CVE-2026-57296

Jenkins External Workspace Manager Plugin 1.3.2 and earlier does not reject path traversal sequences in the custom workspace path provided to the exwsAllocate Pipeline step, allowing attackers with Item/Configure permission to read arbitrary files on the Jenkins controller file system, which can...

8.8CVSS6.3AI score0.00595EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2024/07/19 7:59 p.m.16 views

Woodpecker's custom workspace allow to overwrite plugin entrypoint executable

Impact The server allow to create any user who can trigger a pipeline run malicious workflows: - Those workflows can either lead to a host takeover that runs the agent executing the workflow. - Or allow to extract the secrets who would be normally provided to the plugins who's entrypoint are...

8.8CVSS6.8AI score0.00737EPSS
Exploits0References10Affected Software2
OSV
OSV
added 2024/07/19 7:59 p.m.18 views

GHSA-XW35-RRCP-G7XM Woodpecker's custom workspace allow to overwrite plugin entrypoint executable

Impact The server allow to create any user who can trigger a pipeline run malicious workflows: - Those workflows can either lead to a host takeover that runs the agent executing the workflow. - Or allow to extract the secrets who would be normally provided to the plugins who's entrypoint are...

8.8CVSS8.6AI score0.00737EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2024/07/19 12:0 a.m.7 views

PT-2024-29277 · Unknown · Woodpecker

Name of the Vulnerable Software and Affected Versions: Woodpecker versions prior to 2.7.0 Description: The server allows any user to create and trigger malicious workflows, potentially leading to a host takeover or extraction of secrets normally provided to plugins. This issue can be exploited...

8.8CVSS7AI score0.00737EPSS
Exploits0References15
Rows per page
Query Builder