What is CVE-2023-40034?

CVE-2023-40034 is a high-severity vulnerability in Woodpecker-ci Woodpecker, classified under Improper Input Validation. CVSS score: 8.1/10. Published 2023-08-16.

How severe is CVE-2023-40034?

High severity. CVSS v3 base score is 8.1 out of 10.

Improper input validation in Woodpecker-ci Woodpecker

CVE-2023-40034

Woodpecker is a community fork of the Drone CI system. In affected versions an attacker can post malformed webhook data witch lead to an update of the repository data that can e.g. allow the takeover of an repo. This is only critical if th…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.007 (48.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.1 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Woodpecker-ci Woodpecker — versions >= 1.0.0, < 1.0.2

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

security-advisories@github.com (x_refsource_CONFIRM, Vendor Advisory)
security-advisories@github.com (x_refsource_MISC, Issue Tracking)
security-advisories@github.com (x_refsource_MISC, Issue Tracking)
security-advisories@github.com (Patch, x_refsource_MISC)

Frequently asked questions

What is CVE-2023-40034?: CVE-2023-40034 is a high-severity vulnerability in Woodpecker-ci Woodpecker, classified under Improper Input Validation. CVSS score: 8.1/10. Published 2023-08-16.
How severe is CVE-2023-40034?: High severity. CVSS v3 base score is 8.1 out of 10.