CVE-2023-40034

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Aug 16, 2023

Updated: Aug 25, 2023

CWE ID 20

Summary

CVE-2023-40034 affects the Woodpecker, a community fork of Drone CI system. Malformed webhook data can be posted, leading to unauthorized repository updates and potential takeover. This vulnerability only poses a significant risk when the CI is publicly configured and connected to a public forge. Version 1.0.2 addresses this issue, and users are advised to upgrade. For those unable to do so, securing the CI system behind a firewall is recommended.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Woodpecker CI

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sQ9AiE
https://www.cve.org/CVERecord?id=CVE-2023-40034
https://nvd.nist.gov/vuln/detail/CVE-2023-40034

Back to Vulnerability Database

CVE-2023-40034

CVSS 3.1 Score 8.1 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations