x/vulndb: potential Go vuln in github.com/woodpecker-ci/woodpecker: CVE-2024-41122 #3001

GoVulnBot · 2024-07-19T21:01:14Z

Advisory CVE-2024-41122 references a vulnerability in the following Go modules:

Module
github.com/woodpecker-ci/woodpecker

Description:
Woodpecker is a simple yet powerful CI/CD engine with great extensibility. The server allow to create any user who can trigger a pipeline run malicious workflows: 1. Those workflows can either lead to a host takeover that runs the agent executing the workflow. 2. Or allow to extract the secrets who would be normally provided to the plugins who's entrypoint are overwritten. This issue has been addressed in release version 2.7.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

References:

Cross references:

Module github.com/woodpecker-ci/woodpecker appears in issue x/vulndb: potential Go vuln in github.com/woodpecker-ci/woodpecker: CVE-2022-29947 #440 EFFECTIVELY_PRIVATE
Module github.com/woodpecker-ci/woodpecker appears in issue x/vulndb: potential Go vuln in github.com/woodpecker-ci/woodpecker: CVE-2023-40034 #2014 EFFECTIVELY_PRIVATE

See doc/triage.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/woodpecker-ci/woodpecker
      vulnerable_at: 1.0.5
summary: CVE-2024-41122 in github.com/woodpecker-ci/woodpecker
cves:
    - CVE-2024-41122
references:
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-41122
    - fix: https://github.com/woodpecker-ci/woodpecker/pull/3909
    - fix: https://github.com/woodpecker-ci/woodpecker/pull/3934
    - report: https://github.com/woodpecker-ci/woodpecker-security/issues/10
    - report: https://github.com/woodpecker-ci/woodpecker/issues/3929
    - web: https://github.com/woodpecker-ci/woodpecker/security/advisories/GHSA-3wf2-2pq4-4rvc
source:
    id: CVE-2024-41122
    created: 2024-07-19T21:01:13.560703645Z
review_status: UNREVIEWED

The text was updated successfully, but these errors were encountered:

ianthehat · 2024-07-25T19:59:06Z

Duplicate #2998

ianthehat added possible duplicate triaged labels Jul 23, 2024

tatianab added possible duplicate and removed possible duplicate labels Jul 23, 2024

ianthehat added possible duplicate duplicate and removed possible duplicate labels Jul 25, 2024

ianthehat closed this as completed Jul 25, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/woodpecker-ci/woodpecker: CVE-2024-41122 #3001

x/vulndb: potential Go vuln in github.com/woodpecker-ci/woodpecker: CVE-2024-41122 #3001

GoVulnBot commented Jul 19, 2024

ianthehat commented Jul 25, 2024 •

edited by timothy-king

Loading

x/vulndb: potential Go vuln in github.com/woodpecker-ci/woodpecker: CVE-2024-41122 #3001

x/vulndb: potential Go vuln in github.com/woodpecker-ci/woodpecker: CVE-2024-41122 #3001

Comments

GoVulnBot commented Jul 19, 2024

ianthehat commented Jul 25, 2024 • edited by timothy-king Loading

ianthehat commented Jul 25, 2024 •

edited by timothy-king

Loading