Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Remotely reachable gRPC endpoint (AV:N), straightforward metadata injection (AC:L), valid agent token required (PR:L), no user interaction; impersonation tampers with CI integrity (I:H) with no direct C/A impact.
Primary rating from Vendor (github).
CVSS VectorVendor: github
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
Woodpecker is a CI/CD engine. Starting in version 3.0.0 and prior to version 3.14.1, a vulnerability in Woodpecker CI's gRPC layer allowed any authenticated agent to impersonate any other agent on the same server by injecting a forged agent_id value into outgoing gRPC metadata. The server correctly verified the JWT token but then discarded the verified agent identity in favor of the client-supplied value. Version 3.14.1 patches the issue. As a workaround, disable org agents (WOODPECKER_DISABLE_USER_AGENT_REGISTRATION=true) and delete existing ones.
AnalysisAI
Agent impersonation in Woodpecker CI 3.0.0 through 3.14.0 allows any authenticated agent to assume the identity of any other agent on the same server by injecting a forged agent_id into outgoing gRPC metadata. The server validates the JWT correctly but then trusts the client-supplied agent_id over the cryptographically verified one, enabling cross-tenant job hijacking and integrity compromise of CI pipelines. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Requires (1) a valid Woodpecker agent JWT on the target server, obtainable by anyone permitted to register an agent - typically users or organizations on shared/multi-tenant Woodpecker deployments running 3.0.0 through 3.14.0; (2) network reachability to the server's gRPC endpoint; and (3) a modified gRPC client capable of injecting a custom agent_id key into outgoing metadata. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The vendor CVSS 4.0 score of 7.1 (AV:N/AC:L/PR:L/UI:N/VC:N/VI:H/VA:N) accurately reflects a remote, low-complexity attack requiring only a legitimate agent token, with high integrity impact and no confidentiality or availability impact in the base vector - though in practice a hijacked agent can read pipeline secrets passed to jobs, so real-world confidentiality risk is likely understated. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker registers (or compromises) any legitimate Woodpecker agent on a multi-tenant server, obtaining a valid JWT. They then run a modified agent client that prepends an arbitrary numeric agent_id (e.g., that of a privileged production agent) into the outgoing gRPC metadata before sending RPCs such as Next or Update; the server validates the JWT but reads the spoofed agent_id, routing another tenant's pipeline jobs - and their secrets - to the attacker-controlled agent. |
| Remediation | Vendor-released patch: upgrade Woodpecker CI server to 3.14.1 or later, per advisory GHSA-g7mm-9vx7-jm7h (https://github.com/woodpecker-ci/woodpecker/security/advisories/GHSA-g7mm-9vx7-jm7h). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
24 hours: Audit all Woodpecker CI deployments for versions 3.0.0-3.14.0; document current agent credentials and job execution privileges. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-290 – Authentication Bypass by Spoofing
View allSame technique Authentication Bypass
View allVendor StatusVendor
SUSE
Severity: ModerateShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-37897
GHSA-g7mm-9vx7-jm7h