<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Woodpecker CI - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/vendors/woodpecker-ci/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Tue, 14 Jul 2026 20:33:42 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/vendors/woodpecker-ci/feed.xml" rel="self" type="application/rss+xml"/><item><title>Woodpecker Privilege Escalation via Unrestricted Kubernetes serviceAccountName</title><link>https://feed.craftedsignal.io/briefs/2026-07-privilege-escalation-woodpecker-kubernetes/</link><pubDate>Tue, 14 Jul 2026 20:33:42 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-privilege-escalation-woodpecker-kubernetes/</guid><description>A high-severity privilege escalation vulnerability (CVE-2026-61549) in Woodpecker CI, specifically affecting instances using the Kubernetes backend, allows any user with Push permissions on a connected repository to run pipeline pods under an arbitrary ServiceAccount, potentially leading to secret exfiltration and full cluster takeover.</description><content:encoded><![CDATA[<p>A high-severity privilege escalation vulnerability, tracked as CVE-2026-61549, affects Woodpecker CI instances configured with the Kubernetes backend. Identified in versions 1.0.0 through 3.15.0, this flaw allows an attacker to manipulate the <code>serviceAccountName</code> parameter within pipeline configurations. Specifically, a user possessing &quot;Push&quot; permissions on a repository connected to the CI instance can specify an arbitrary Kubernetes ServiceAccount to execute pipeline pods. This bypasses typical administrative controls and allows the pipeline pod to inherit the permissions of the chosen ServiceAccount, even if it is highly privileged. The vulnerability, introduced in commit <code>609ba481b5e912f59aaae8ca7bc22b44523c5e37</code>, opens the door to critical security risks. Defenders should be aware that successful exploitation could lead to unauthorized access to sensitive data, such as database credentials, API keys, and TLS certificates, ultimately facilitating full Kubernetes cluster takeover. Immediate patching or mitigation is crucial for all affected deployments.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>Attacker gains &quot;Push&quot; permission to a repository connected to a vulnerable Woodpecker CI instance running the Kubernetes backend.</li>
<li>Attacker crafts a malicious pipeline configuration file (e.g., <code>.woodpecker/pipeline.yml</code>) within the repository.</li>
<li>The malicious pipeline configuration includes a <code>backend_options.kubernetes.serviceAccountName</code> parameter set to an arbitrary, privileged ServiceAccount existing in the Kubernetes pipeline namespace.</li>
<li>The attacker pushes the crafted pipeline configuration to the repository.</li>
<li>Woodpecker CI detects the push event and initiates a new pipeline run based on the updated configuration.</li>
<li>Woodpecker CI creates a Kubernetes pod to execute the pipeline steps, unrestrictedly using the attacker-specified <code>serviceAccountName</code> in the pod's specification.</li>
<li>The newly created pipeline pod executes with the full RBAC permissions associated with the privileged ServiceAccount defined by the attacker.</li>
<li>The attacker leverages these elevated privileges to exfiltrate sensitive data (e.g., credentials, API keys, TLS certs) or perform actions leading to full Kubernetes cluster compromise.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>This vulnerability allows for significant privilege escalation within a Kubernetes cluster. If successfully exploited, an attacker can gain the RBAC permissions of an arbitrary ServiceAccount, which can lead to the exfiltration of sensitive information such as database credentials, API keys, and TLS certificates. The ultimate consequence of exploitation is the potential for full Kubernetes cluster takeover, impacting all workloads and data within the cluster. Any organization operating a Woodpecker CI instance with the Kubernetes backend in versions 1.0.0 through 3.15.0 is vulnerable to these severe consequences.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Deploy the patched version of Woodpecker CI (<code>v3.16.0</code> or later) to address CVE-2026-61549 immediately.</li>
<li>Restrict &quot;Push&quot; access on repositories connected to your Woodpecker CI instance (Woodpecker CI v1.0.0-v3.15.0) to trusted users only.</li>
<li>Harden the Kubernetes pipeline namespace by ensuring no privileged ServiceAccounts exist or are bound within it, and keep the <code>default</code> ServiceAccount minimally privileged.</li>
<li>Disable ServiceAccount token automounting for any ServiceAccounts that should not be used by Woodpecker CI pipelines.</li>
<li>Enforce an admission policy (e.g., using OPA/Gatekeeper, Kyverno, or a ValidatingAdmissionPolicy) in Kubernetes to reject pipeline pods from Woodpecker CI (v1.0.0-v3.15.0) that attempt to set an unexpected <code>serviceAccountName</code>.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>privilege-escalation</category><category>kubernetes</category><category>ci/cd</category><category>vulnerability</category></item><item><title>Woodpecker CI gRPC Vulnerability Allows Cross-Tenant Agent Impersonation (CVE-2026-50141)</title><link>https://feed.craftedsignal.io/briefs/2026-07-woodpecker-grpc-agent-impersonation/</link><pubDate>Tue, 14 Jul 2026 19:18:50 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-woodpecker-grpc-agent-impersonation/</guid><description>A high-severity vulnerability (CVE-2026-50141) in Woodpecker CI's gRPC layer allowed any authenticated agent to impersonate any other agent on the same server by injecting a forged `agent_id` into gRPC metadata, leading to potential privilege escalation and unauthorized access within CI/CD pipelines.</description><content:encoded><![CDATA[<p>A significant security flaw, tracked as CVE-2026-50141, was discovered in the gRPC communication layer of Woodpecker CI, a continuous integration platform. This vulnerability enabled any authenticated Woodpecker agent to effectively impersonate another agent residing on the same server. The core issue stemmed from the server's handling of <code>agent_id</code> metadata within gRPC requests. While the server correctly validated the JSON Web Token (JWT) provided by the client, it erroneously prioritized a client-supplied <code>agent_id</code> value over the verified identity derived from the JWT. This design flaw meant that a malicious or compromised agent could forge its identity, bypassing security controls and gaining unauthorized access to resources or executing actions typically reserved for the impersonated agent. The vulnerability impacts Woodpecker CI v3 versions, specifically from 3.0.0 up to, but not including, 3.14.1. This could lead to severe consequences for organizations using affected versions, including unauthorized code execution, data exfiltration, or disruption of CI/CD pipelines.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>An attacker gains authenticated access as any legitimate, potentially low-privileged, Woodpecker agent to the CI server.</li>
<li>The attacker crafts a gRPC request, intending to perform an action or access resources.</li>
<li>Within the gRPC request metadata, the attacker injects a forged <code>agent_id</code> value corresponding to a target agent they wish to impersonate.</li>
<li>The malicious gRPC request is sent to the Woodpecker CI server.</li>
<li>The server receives the request and correctly verifies the JWT token, confirming the attacker's original, legitimate agent identity.</li>
<li>During subsequent processing, the server <em>incorrectly</em> discards the verified agent identity from the JWT.</li>
<li>The server then prioritizes and accepts the forged <code>agent_id</code> supplied in the gRPC metadata by the attacker.</li>
<li>The server executes the requested action or grants access to resources as if the request originated from the impersonated target agent, leading to unauthorized operations or privilege escalation.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of CVE-2026-50141 allows an attacker to achieve cross-tenant agent impersonation within a Woodpecker CI environment. This can lead to significant unauthorized access and control over CI/CD pipelines, potentially enabling malicious actors to trigger builds, deploy unauthorized code, access sensitive repositories, or exfiltrate intellectual property. Organizations using affected versions of Woodpecker CI (v3.0.0 through v3.14.0) are at risk of severe operational disruption and data breaches. While no specific victim count or targeted sector is provided, any organization leveraging Woodpecker CI for their development workflows is a potential target.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li><strong>Patch CVE-2026-50141 immediately</strong>: Upgrade Woodpecker CI v3 to version 3.14.1 or later to apply the necessary security patches mentioned in the references.</li>
<li><strong>Implement workarounds if patching is not immediate</strong>: As a temporary mitigation, disable organization agents by setting <code>WOODPECKER_DISABLE_USER_AGENT_REGISTRATION=true</code> and delete any existing organization agents.</li>
<li><strong>Review logs for unusual gRPC activity</strong>: While specific detection rules are challenging for this vulnerability, monitor Woodpecker CI server logs for any anomalies in agent behavior or unexpected actions attributed to specific agents, particularly after an agent has been authenticated.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>privilege-escalation</category><category>vulnerability</category><category>grpc</category><category>ci-cd</category></item></channel></rss>