PT-2025-12435 · Pipecd · Pipecd

Published: 2025-03-21 · Updated: 2025-03-28 · CVE-2024-53351

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

pipecd version 0.49

Description

The issue is related to insecure permissions in pipecd, allowing attackers to gain access to the service account's token. This can lead to escalation of privileges.

Recommendations

For pipecd version 0.49, update to a version that addresses the insecure permissions issue to prevent privilege escalation.

Fix

LPE

Improper Access Control

Incorrect Default Permissions

Incorrect Permission

Weakness Enumeration

Related Identifiers

CVE-2024-53351
GHSA-4JHW-C53W-W5R7
GO-2025-3546
OPENSUSE-SU-2025:14937-1

Affected Products

Pipecd