Woodpecker Security Vulnerabilities


CVE-2022-29947

Woodpecker before 0.15.1 allows XSS via build logs because web/src/components/repo/build/BuildLog.vue lacks escaping.

6.1 CVSS

5.9 AI Score

0.001 EPSS

2022-04-29 09:15 PM

CVE-2023-40034

Woodpecker is a community fork of the Drone CI system. In affected versions an attacker can post malformed webhook data which leads to an update of the repository data that can, e.g., allow the takeover of a repo. This is only critical if the CI is configured for public usage and connected to a forge...

8.1 CVSS

8 AI Score

0.001 EPSS

2023-08-16 09:15 PM

CVE-2024-41121

Woodpecker is a simple yet powerful CI/CD engine with great extensibility. The server allows any user who can trigger a pipeline run to create malicious workflows: 1. Those workflows can either lead to a takeover of the host that runs the agent executing the workflow. 2. Or allow to extract the secrets who...

8.8 CVSS

7.1 AI Score

0.0004 EPSS

2024-07-19 08:15 PM

CVE-2024-41122

Woodpecker is a simple yet powerful CI/CD engine with great extensibility. The server allows any user who can trigger a pipeline run to create malicious workflows: 1. Those workflows can either lead to a takeover of the host that runs the agent executing the workflow. 2. Or allow to extract the secrets who...

7.5 CVSS

6.8 AI Score

0.0004 EPSS

2024-07-19 08:15 PM