Home > Vulnerability Database > CVE-2023-40034

Mend.io Vulnerability Database

CVE-2023-40034

Good to know:

Date: August 16, 2023

Woodpecker is a community fork of the Drone CI system. In affected versions an attacker can post malformed webhook data witch lead to an update of the repository data that can e.g. allow the takeover of an repo. This is only critical if the CI is configured for public usage and connected to a forge witch is also in public usage. This issue has been addressed in version 1.0.2. Users are advised to upgrade. Users unable to upgrade should secure the CI system by making it inaccessible to untrusted entities, for example, by placing it behind a firewall.

Language: Go

Severity Score

8.1

Related Resources (6)

Url: https://github.com/woodpecker-ci/woodpecker/security/advisories/GHSA-4gcf-5m39-98mc

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-40034

Url: https://github.com/woodpecker-ci/woodpecker/pull/2222

Url: https://github.com/woodpecker-ci/woodpecker/pull/2221

Url: https://github.com/woodpecker-ci/woodpecker/commit/6e4c2f84cc84661d58cf1c0e5c421a46070bb105

Url: https://www.mend.io/vulnerability-database/CVE-2023-40034

Severity Score

8.1

Weakness Type (CWE)

Input Validation

CWE-20

Insufficient Information

NVD-CWE-noinfo

Top Fix

Upgrade Version

Upgrade to version v1.0.2

Learn More

CVSS v3.1

Base Score:	8.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-40034

Good to know:

Date: August 16, 2023

Language: Go

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?