{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/woodpecker-ci/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Woodpecker CI (v1.0.0 through v3.15.0)"],"_cs_severities":["high"],"_cs_tags":["privilege-escalation","kubernetes","ci/cd","vulnerability"],"_cs_type":"advisory","_cs_vendors":["Woodpecker CI"],"content_html":"\u003cp\u003eA high-severity privilege escalation vulnerability, tracked as CVE-2026-61549, affects Woodpecker CI instances configured with the Kubernetes backend. Identified in versions 1.0.0 through 3.15.0, this flaw allows an attacker to manipulate the \u003ccode\u003eserviceAccountName\u003c/code\u003e parameter within pipeline configurations. Specifically, a user possessing \u0026quot;Push\u0026quot; permissions on a repository connected to the CI instance can specify an arbitrary Kubernetes ServiceAccount to execute pipeline pods. This bypasses typical administrative controls and allows the pipeline pod to inherit the permissions of the chosen ServiceAccount, even if it is highly privileged. The vulnerability, introduced in commit \u003ccode\u003e609ba481b5e912f59aaae8ca7bc22b44523c5e37\u003c/code\u003e, opens the door to critical security risks. Defenders should be aware that successful exploitation could lead to unauthorized access to sensitive data, such as database credentials, API keys, and TLS certificates, ultimately facilitating full Kubernetes cluster takeover. Immediate patching or mitigation is crucial for all affected deployments.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains \u0026quot;Push\u0026quot; permission to a repository connected to a vulnerable Woodpecker CI instance running the Kubernetes backend.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious pipeline configuration file (e.g., \u003ccode\u003e.woodpecker/pipeline.yml\u003c/code\u003e) within the repository.\u003c/li\u003e\n\u003cli\u003eThe malicious pipeline configuration includes a \u003ccode\u003ebackend_options.kubernetes.serviceAccountName\u003c/code\u003e parameter set to an arbitrary, privileged ServiceAccount existing in the Kubernetes pipeline namespace.\u003c/li\u003e\n\u003cli\u003eThe attacker pushes the crafted pipeline configuration to the repository.\u003c/li\u003e\n\u003cli\u003eWoodpecker CI detects the push event and initiates a new pipeline run based on the updated configuration.\u003c/li\u003e\n\u003cli\u003eWoodpecker CI creates a Kubernetes pod to execute the pipeline steps, unrestrictedly using the attacker-specified \u003ccode\u003eserviceAccountName\u003c/code\u003e in the pod's specification.\u003c/li\u003e\n\u003cli\u003eThe newly created pipeline pod executes with the full RBAC permissions associated with the privileged ServiceAccount defined by the attacker.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages these elevated privileges to exfiltrate sensitive data (e.g., credentials, API keys, TLS certs) or perform actions leading to full Kubernetes cluster compromise.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThis vulnerability allows for significant privilege escalation within a Kubernetes cluster. If successfully exploited, an attacker can gain the RBAC permissions of an arbitrary ServiceAccount, which can lead to the exfiltration of sensitive information such as database credentials, API keys, and TLS certificates. The ultimate consequence of exploitation is the potential for full Kubernetes cluster takeover, impacting all workloads and data within the cluster. Any organization operating a Woodpecker CI instance with the Kubernetes backend in versions 1.0.0 through 3.15.0 is vulnerable to these severe consequences.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the patched version of Woodpecker CI (\u003ccode\u003ev3.16.0\u003c/code\u003e or later) to address CVE-2026-61549 immediately.\u003c/li\u003e\n\u003cli\u003eRestrict \u0026quot;Push\u0026quot; access on repositories connected to your Woodpecker CI instance (Woodpecker CI v1.0.0-v3.15.0) to trusted users only.\u003c/li\u003e\n\u003cli\u003eHarden the Kubernetes pipeline namespace by ensuring no privileged ServiceAccounts exist or are bound within it, and keep the \u003ccode\u003edefault\u003c/code\u003e ServiceAccount minimally privileged.\u003c/li\u003e\n\u003cli\u003eDisable ServiceAccount token automounting for any ServiceAccounts that should not be used by Woodpecker CI pipelines.\u003c/li\u003e\n\u003cli\u003eEnforce an admission policy (e.g., using OPA/Gatekeeper, Kyverno, or a ValidatingAdmissionPolicy) in Kubernetes to reject pipeline pods from Woodpecker CI (v1.0.0-v3.15.0) that attempt to set an unexpected \u003ccode\u003eserviceAccountName\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-14T20:33:42Z","date_published":"2026-07-14T20:33:42Z","id":"https://feed.craftedsignal.io/briefs/2026-07-privilege-escalation-woodpecker-kubernetes/","summary":"A high-severity privilege escalation vulnerability (CVE-2026-61549) in Woodpecker CI, specifically affecting instances using the Kubernetes backend, allows any user with Push permissions on a connected repository to run pipeline pods under an arbitrary ServiceAccount, potentially leading to secret exfiltration and full cluster takeover.","title":"Woodpecker Privilege Escalation via Unrestricted Kubernetes serviceAccountName","url":"https://feed.craftedsignal.io/briefs/2026-07-privilege-escalation-woodpecker-kubernetes/"},{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"id":"CVE-2026-50141"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Woodpecker CI v3"],"_cs_severities":["high"],"_cs_tags":["privilege-escalation","vulnerability","grpc","ci-cd"],"_cs_type":"advisory","_cs_vendors":["Woodpecker CI"],"content_html":"\u003cp\u003eA significant security flaw, tracked as CVE-2026-50141, was discovered in the gRPC communication layer of Woodpecker CI, a continuous integration platform. This vulnerability enabled any authenticated Woodpecker agent to effectively impersonate another agent residing on the same server. The core issue stemmed from the server's handling of \u003ccode\u003eagent_id\u003c/code\u003e metadata within gRPC requests. While the server correctly validated the JSON Web Token (JWT) provided by the client, it erroneously prioritized a client-supplied \u003ccode\u003eagent_id\u003c/code\u003e value over the verified identity derived from the JWT. This design flaw meant that a malicious or compromised agent could forge its identity, bypassing security controls and gaining unauthorized access to resources or executing actions typically reserved for the impersonated agent. The vulnerability impacts Woodpecker CI v3 versions, specifically from 3.0.0 up to, but not including, 3.14.1. This could lead to severe consequences for organizations using affected versions, including unauthorized code execution, data exfiltration, or disruption of CI/CD pipelines.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker gains authenticated access as any legitimate, potentially low-privileged, Woodpecker agent to the CI server.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a gRPC request, intending to perform an action or access resources.\u003c/li\u003e\n\u003cli\u003eWithin the gRPC request metadata, the attacker injects a forged \u003ccode\u003eagent_id\u003c/code\u003e value corresponding to a target agent they wish to impersonate.\u003c/li\u003e\n\u003cli\u003eThe malicious gRPC request is sent to the Woodpecker CI server.\u003c/li\u003e\n\u003cli\u003eThe server receives the request and correctly verifies the JWT token, confirming the attacker's original, legitimate agent identity.\u003c/li\u003e\n\u003cli\u003eDuring subsequent processing, the server \u003cem\u003eincorrectly\u003c/em\u003e discards the verified agent identity from the JWT.\u003c/li\u003e\n\u003cli\u003eThe server then prioritizes and accepts the forged \u003ccode\u003eagent_id\u003c/code\u003e supplied in the gRPC metadata by the attacker.\u003c/li\u003e\n\u003cli\u003eThe server executes the requested action or grants access to resources as if the request originated from the impersonated target agent, leading to unauthorized operations or privilege escalation.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-50141 allows an attacker to achieve cross-tenant agent impersonation within a Woodpecker CI environment. This can lead to significant unauthorized access and control over CI/CD pipelines, potentially enabling malicious actors to trigger builds, deploy unauthorized code, access sensitive repositories, or exfiltrate intellectual property. Organizations using affected versions of Woodpecker CI (v3.0.0 through v3.14.0) are at risk of severe operational disruption and data breaches. While no specific victim count or targeted sector is provided, any organization leveraging Woodpecker CI for their development workflows is a potential target.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePatch CVE-2026-50141 immediately\u003c/strong\u003e: Upgrade Woodpecker CI v3 to version 3.14.1 or later to apply the necessary security patches mentioned in the references.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eImplement workarounds if patching is not immediate\u003c/strong\u003e: As a temporary mitigation, disable organization agents by setting \u003ccode\u003eWOODPECKER_DISABLE_USER_AGENT_REGISTRATION=true\u003c/code\u003e and delete any existing organization agents.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eReview logs for unusual gRPC activity\u003c/strong\u003e: While specific detection rules are challenging for this vulnerability, monitor Woodpecker CI server logs for any anomalies in agent behavior or unexpected actions attributed to specific agents, particularly after an agent has been authenticated.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-14T19:18:50Z","date_published":"2026-07-14T19:18:50Z","id":"https://feed.craftedsignal.io/briefs/2026-07-woodpecker-grpc-agent-impersonation/","summary":"A high-severity vulnerability (CVE-2026-50141) in Woodpecker CI's gRPC layer allowed any authenticated agent to impersonate any other agent on the same server by injecting a forged `agent_id` into gRPC metadata, leading to potential privilege escalation and unauthorized access within CI/CD pipelines.","title":"Woodpecker CI gRPC Vulnerability Allows Cross-Tenant Agent Impersonation (CVE-2026-50141)","url":"https://feed.craftedsignal.io/briefs/2026-07-woodpecker-grpc-agent-impersonation/"}],"language":"en","title":"CraftedSignal Threat Feed - Woodpecker CI","version":"https://jsonfeed.org/version/1.1"}