Vela · CVE-2025-27616
**Name of the Vulnerable Software and Affected Versions**
Vela versions prior to 0.25.3
Vela versions prior to 0.26.3
**Description**
The issue allows an attacker to transfer ownership of a repository and its secrets to a separate repository by spoofing a webhook payload with specific headers and body data. This could lead to the exfiltration of secrets through follow-up builds. Users with access to repository-level CI secrets and the CI instance are vulnerable.
**Recommendations**
For versions prior to 0.25.3, update to version 0.25.3 or later to resolve the issue.
For versions prior to 0.26.3, update to version 0.26.3 or later to resolve the issue.