[Git][security-tracker-team/security-tracker][master] 2 commits: Adjust some older CVEs for woodpecker
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jun 30 22:39:15 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7fb7e2f5 by Salvatore Bonaccorso at 2026-06-30T23:38:24+02:00
Adjust some older CVEs for woodpecker
- - - - -
d470046f by Salvatore Bonaccorso at 2026-06-30T23:38:50+02:00
Add new issues for woodpecker, itp'ed
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -38,9 +38,9 @@ CVE-2026-58372 (SeaweedFS before 4.34 contains a path traversal vulnerability in
CVE-2026-58371 (SeaweedFS before 4.30 reflects the callback query parameter verbatim i ...)
TODO: check
CVE-2026-58370 (Woodpecker before 3.15.0 matches the ApprovalAllowedUsers bypass list ...)
- TODO: check
+ - woodpecker <itp> (bug #1008934)
CVE-2026-58369 (Woodpecker before 3.15.0 registers the /api/orgs/lookup/*org_full_name ...)
- TODO: check
+ - woodpecker <itp> (bug #1008934)
CVE-2026-58176 (RuoYi-Vue-Plus through 5.6.2, fixed in commit 88d03d9, exposes workflo ...)
NOT-FOR-US: RuoYi-Vue-Plus
CVE-2026-58174 (Hermes WebUI before 0.51.521 validates the workspace of an imported se ...)
@@ -267333,9 +267333,9 @@ CVE-2024-41172 (In versions of Apache CXF before 3.6.4 and 4.0.5 (3.5.x and lowe
CVE-2024-41124 (Puncia is the Official CLI utility for Subdomain Center & Exploit Obse ...)
NOT-FOR-US: Puncia
CVE-2024-41122 (Woodpecker is a simple yet powerful CI/CD engine with great extensibil ...)
- NOT-FOR-US: Woodpecker
+ - woodpecker <itp> (bug #1008934)
CVE-2024-41121 (Woodpecker is a simple yet powerful CI/CD engine with great extensibil ...)
- NOT-FOR-US: Woodpecker
+ - woodpecker <itp> (bug #1008934)
CVE-2024-41107 (The CloudStack SAML authentication (disabled by default) does not enfo ...)
NOT-FOR-US: Apache CloudStack
CVE-2024-40400 (An arbitrary file upload vulnerability in the image upload function of ...)
@@ -348315,7 +348315,7 @@ CVE-2023-40252 (Improper Control of Generation of Code ('Code Injection') vulner
CVE-2023-40251 (Missing Encryption of Sensitive Data vulnerability in Genians Genian N ...)
NOT-FOR-US: Genians
CVE-2023-40034 (Woodpecker is a community fork of the Drone CI system. In affected ver ...)
- NOT-FOR-US: Woodpecker
+ - woodpecker <itp> (bug #1008934)
CVE-2023-40033 (Flarum is an open source forum software. Flarum is affected by a vulne ...)
NOT-FOR-US: Flarum
CVE-2023-40021 (Oppia is an online learning platform. When comparing a received CSRF t ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/86e82ec02b2bb1342efa0046ea20ae1bc05f5f33...d470046fa6c9779d17ef153805bac1859953f578
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/86e82ec02b2bb1342efa0046ea20ae1bc05f5f33...d470046fa6c9779d17ef153805bac1859953f578
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260630/285c957e/attachment.htm>
More information about the debian-security-tracker-commits
mailing list