Woodpecker's custom workspace allow to overwrite plugin entrypoint executable

Impact The server allow to create any user who can trigger a pipeline run malicious workflows: - Those workflows can either lead to a host takeover that runs the agent executing the workflow. - Or allow to extract the secrets who would be normally provided to the plugins who's entrypoint are...

GHSA-XW35-RRCP-G7XM Woodpecker's custom workspace allow to overwrite plugin entrypoint executable

Impact The server allow to create any user who can trigger a pipeline run malicious workflows: - Those workflows can either lead to a host takeover that runs the agent executing the workflow. - Or allow to extract the secrets who would be normally provided to the plugins who's entrypoint are...

PT-2024-40989 · Skopeo · Skopeo

Name of the Vulnerable Software and Affected Versions: skopeo versions 1.13.0 through 1.14.1 Description: This update for skopeo fixes several issues, including updates to various modules and dependencies, such as github.com/containers/common, github.com/containers/image/v5, and golang.org/x/term...

Insecure Variable Substitution

github.com/go-vela/server is vulnerable to Insecure Variable Substitution. This vulnerability is due to the use of variable substitution combined with insensitive fields such as parameters, image, and entrypoint in Vela pipelines. The vulnerability allows an attacker to bypass log masking and...

CLI for Vela Insecure Variable Substitution

Impact Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and — by using common substitution string manipulation — can bypass log masking and expose secrets without the use of the commands block...

GHSA-4JHJ-3GV3-C3GR CLI for Vela Insecure Variable Substitution

Impact Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and — by using common substitution string manipulation — can bypass log masking and expose secrets without the use of the commands block...

Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2023-374)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-374 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks ...

EulerOS 2.0 SP9 : docker-engine (EulerOS-SA-2023-1837)

According to the versions of the docker-engine package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby Docker Engine where...

[H-06] Double-entrypoint collateral token allows position owner to withdraw underlying collateral without repaying ZCHF

Lines of code Vulnerability details Impact Position::withdraw is intended to allow the position owner to withdraw any ERC20 token which might have ended up at position address. If the collateral address is passed as argument then Position::withdrawCollateral is called to perform the necessary...

SUSE CVE-2023-25173

containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be ab...

CVE-2023-25173

containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be ab...

Design/Logic Flaw

containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be ab...

CVE-2023-25173

containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be ab...

CVE-2023-25173

containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be ab...

SUSE CVE-2017-6369

Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a 'system' entrypoint from fbudf.so...

SmartAccount wallet creation can be backdoored

Lines of code Vulnerability details At wallet creation time, an attacker can temporarily swap the address of the entrypoint to install a backdoor in the form of a registered module in the wallet. Since wallets don't necessarily need to be created by their owners, an attacker can frontrun the wall...

Calling execute() and executeBatch() functions in SmartAccount.sol from the EntryPoint will fail

Lines of code Vulnerability details Impact The function requireFromEntryPointOrOwner is being called within the execute and executeBatch functions to check if the msg.sender is either the owner or the EntryPoint contract, but these functions have onlyOwner modifier, which will only allow the owne...

_validateSignature should not revert on invalid signature (EIP-4337)

Lines of code Vulnerability details Impact Results in unexpected behavior in the EntryPoint contract. Proof of Concept As said in the official specification of EIP-4337: "If the account does not support signature aggregation, it MUST validate the signature is a valid signature of the userOpHash,...

SmartAccountFactory.sol - Account can be created for an owner and setting any entryPoint

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept The entrypoint is being set in the initargs... function of SmartAccount.sol. The problem is that the malicious users could create wallets for legitimate owners of wallets and set the...

Attacker can gain control of counterfactual wallet

Lines of code Vulnerability details A counterfactual wallet can be used by pre-generating its address using the SmartAccountFactory.getAddressForCounterfactualWallet function. This address can then be securely used for example, sending funds to this address knowing in advance that the user will...