CVE-2023-40034
CVSS 3.1 Score 8.1 of 10 (high)
Details
Published Aug 16, 2023
Updated: Aug 25, 2023
CWE ID 20
Summary
CVE-2023-40034 affects the Woodpecker, a community fork of Drone CI system. Malformed webhook data can be posted, leading to unauthorized repository updates and potential takeover. This vulnerability only poses a significant risk when the CI is publicly configured and connected to a public forge. Version 1.0.2 addresses this issue, and users are advised to upgrade. For those unable to do so, securing the CI system behind a firewall is recommended.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Vendors
- Woodpecker CI