PT-2023-27227 · Unknown · Woodpecker

Anbraten

·

Published

2023-08-16

·

Updated

2024-08-21

·

CVE-2023-40034

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Woodpecker versions prior to 1.0.2

Description

An attacker can post malformed webhook data that causes the CI server to update its stored repository data, potentially allowing takeover of a repository. The issue is critical when the CI instance is exposed to public use and is connected to a forge that is also publicly accessible.

Recommendations

Upgrade to version 1.0.2 or later. If upgrading is not possible, restrict access to the CI system so that untrusted parties cannot reach it, for example by placing it behind a firewall.
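The following Go program is an added example, written for this page and not taken from Woodpecker or from its 1.0.2 fix. It contrasts a webhook handler that copies whatever the payload says into the stored repository record, which is the kind of behaviour the description above names, with one that checks an HMAC-SHA256 signature header over the raw body and then confirms the payload refers to the repository the hook was registered for before writing anything. The record type, the per-repository secret and endpoint, the JSON field names and both sample payloads are assumptions constructed for the example; the signature scheme is the "sha256=<hex>" form GitHub uses in X-Hub-Signature-256.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Repo is a minimal stand-in for a CI server's stored repository record.
// It is a hypothetical model for this example, not Woodpecker's own type.
type Repo struct {
	FullName string // "owner/name", fixed when the hook was registered
	CloneURL string
	Secret   string // per-repo webhook secret shared with the forge (assumed)
}

// pushEvent is the subset of a forge push payload the handlers read.
// The field names are assumptions for the example.
type pushEvent struct {
	Repository struct {
		FullName string `json:"full_name"`
		CloneURL string `json:"clone_url"`
	} `json:"repository"`
}

var (
	ErrBadSignature = errors.New("webhook signature invalid")
	ErrRepoMismatch = errors.New("payload repository does not match registered repository")
)

// Constructed sample payloads for the example (not captured traffic).
var (
	legitBody    = []byte(`{"repository":{"full_name":"acme/app","clone_url":"https://forge.example/acme/app.git"}}`)
	attackerBody = []byte(`{"repository":{"full_name":"attacker/evil","clone_url":"https://forge.example/attacker/evil.git"}}`)
)

// UnsafeHandleWebhook reproduces the failure mode the advisory describes:
// whatever the payload says about the repository is written straight into
// the stored record, with nothing proving that the forge sent it.
func UnsafeHandleWebhook(repo *Repo, body []byte) error {
	var ev pushEvent
	if err := json.Unmarshal(body, &ev); err != nil {
		return err
	}
	repo.FullName = ev.Repository.FullName
	repo.CloneURL = ev.Repository.CloneURL
	return nil
}

// Sign computes the "sha256=<hex HMAC-SHA256>" value that forges such as
// GitHub send in the X-Hub-Signature-256 header; the forge computes it with
// the same secret over the exact bytes it delivers.
func Sign(secret string, body []byte) string {
	mac := hmac.New(sha256.New, []byte(secret))
	mac.Write(body)
	return "sha256=" + hex.EncodeToString(mac.Sum(nil))
}

// SafeHandleWebhook mutates the record only after (1) the signature proves
// the holder of this repo's secret produced exactly this body and (2) the
// body describes the repository the hook was registered for, so a genuine
// hook for one repository cannot be replayed to rewrite another.
func SafeHandleWebhook(repo *Repo, body []byte, sigHeader string) error {
	expected := Sign(repo.Secret, body)
	// hmac.Equal is constant-time; a plain == comparison would leak the
	// expected signature byte by byte through timing.
	if !hmac.Equal([]byte(expected), []byte(sigHeader)) {
		return ErrBadSignature
	}
	var ev pushEvent
	if err := json.Unmarshal(body, &ev); err != nil {
		return err
	}
	if ev.Repository.FullName != repo.FullName {
		return ErrRepoMismatch
	}
	repo.CloneURL = ev.Repository.CloneURL
	return nil
}

func main() {
	repo := Repo{FullName: "acme/app", CloneURL: "https://forge.example/acme/app.git", Secret: "s3cr3t"}

	// Unvalidated: the attacker's body repoints the record at their repository.
	r1 := repo
	_ = UnsafeHandleWebhook(&r1, attackerBody)
	fmt.Println("unsafe:", r1.FullName, r1.CloneURL)

	// Validated: without the secret the attacker cannot produce a valid signature ...
	r2 := repo
	fmt.Println("safe, forged signature:", SafeHandleWebhook(&r2, attackerBody, Sign("guess", attackerBody)))
	// ... and a correctly signed hook that names another repository is still rejected.
	fmt.Println("safe, wrong repository:", SafeHandleWebhook(&r2, attackerBody, Sign(repo.Secret, attackerBody)))
	fmt.Println("safe, genuine:", SafeHandleWebhook(&r2, legitBody, Sign(repo.Secret, legitBody)), r2.FullName)
}
```

The two checks are deliberately ordered: the signature is verified over the raw bytes before the JSON is parsed, so an unauthenticated sender never reaches the parser or the data layer, and the repository identity is taken from the server's own record rather than from the payload. The mitigation in the recommendations above (firewalling the instance) limits who can reach the endpoint at all; this example shows what the endpoint itself has to check once it is reachable.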

Exploit

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2023-40034
GHSA-4GCF-5M39-98MC
GO-2023-2014

Affected Products

Woodpecker