Executive Intelligence Brief
A vulnerability in Woodpecker CI's gRPC layer, identified as CVE-2026-50141 with a CVSS score of 7.1, allows any authenticated agent to impersonate another agent on the same server. This is achieved by injecting a forged `agent_id` value into the gRPC metadata. The server correctly verifies the JWT token but then discards the verified agent identity in favor of the client-supplied value. This vulnerability impacts Woodpecker CI versions 3.0.0 to 3.14.1 and enables cross-tenant impersonation, potentially leading to unauthorized access and privilege escalation. Immediate patching or applying workarounds is recommended.
Threat Overview
Woodpecker CI is a popular open-source continuous integration/continuous deployment (CI/CD) platform. It allows users to automate software builds, tests, and deployments. The platform uses gRPC for communication between agents and the server. This vulnerability in the gRPC layer allows an authenticated agent to impersonate any other agent on the same server by spoofing the `agent_id` metadata. This issue is particularly concerning because it enables cross-tenant impersonation, which could lead to unauthorized access to sensitive data and systems.
Technical Deep Dive
Vulnerability Classification
The vulnerability is classified under CWE-290 (Authentication Bypass by Spoofing) and CWE-639 (Authorization Bypass Through User-Controlled Key). These weaknesses occur when an application fails to properly validate and enforce authentication or authorization mechanisms, allowing attackers to bypass these controls.
Root Cause Analysis
The root cause of this vulnerability is the improper handling of `agent_id` metadata in the gRPC layer of Woodpecker CI. Specifically, the server verifies the JWT token of the authenticated agent but then uses the client-supplied `agent_id` value instead of the verified identity. This allows an attacker to impersonate another agent by simply providing a forged `agent_id`.
Attack Vector & Chain
The attack vector involves an authenticated agent injecting a forged `agent_id` value into the gRPC metadata. This can lead to a chain of attacks where the impersonated agent's privileges are exploited. The preconditions for this attack include having an authenticated agent on the server and the ability to modify the `agent_id` metadata.
Exploitation Scenario Walkthrough
Scenario: Cross-Tenant Impersonation via gRPC Metadata Spoofing
1. Reconnaissance: An attacker identifies a vulnerable Woodpecker CI server and an agent that can be impersonated.
2. Weaponization: The attacker prepares a forged `agent_id` value corresponding to the target agent.
3. Delivery & Exploitation: The attacker, through an authenticated agent, injects the forged `agent_id` into the gRPC metadata and sends it to the server. The server, verifying the JWT token but not the `agent_id`, processes the request as if it came from the impersonated agent.
4. Post-Exploitation: The attacker, now impersonating the target agent, can perform actions as if they were that agent, potentially leading to unauthorized access and privilege escalation.
5. Impact Realization: The final impact could include unauthorized data access, manipulation of CI/CD pipelines, or even lateral movement within the network.
Exploitation in the Wild
There is no indication that this vulnerability is currently being actively exploited in the wild. However, given its severity and the potential for cross-tenant impersonation, it is likely that attackers will target this vulnerability if patches are not applied.
Impact Analysis
Direct Impact
The direct impact of this vulnerability includes the ability for an authenticated agent to impersonate any other agent on the same server. This could lead to unauthorized access, privilege escalation, and manipulation of CI/CD processes.
Downstream & Cascading Effects
The downstream effects could include supply chain compromise if an attacker manipulates CI/CD pipelines to inject malicious code or alter build artifacts. Additionally, there could be regulatory implications and customer data exposure if sensitive data is accessed or modified.
Affected Products & Versions
Woodpecker CI versions 3.0.0 to 3.14.1 are affected. Patches are available in pull requests 6567 and 6569.
Detection & Threat Hunting
Indicators of Compromise
Indicators of compromise may include unusual agent activity, such as unexpected actions performed by agents or discrepancies in agent behavior.
Detection Rules & Signatures
Detection rules could involve monitoring gRPC traffic for unusual patterns, such as frequent changes in `agent_id` values from a single authenticated agent. Behavioral patterns indicating exploitation could include actions typically performed by high-privilege agents being executed by lower-privilege agents.
Threat Hunting Queries
Threat hunting queries could involve searching for agents performing actions outside their normal scope or identifying agents with unusual activity patterns.
Remediation & Hardening
Immediate Actions (0-24 hours)
Immediate actions include applying patches from pull requests 6567 and 6569. As a workaround, disabling org agents (`WOODPECKER_DISABLE_USER_AGENT_REGISTRATION=true`) and deleting existing ones can mitigate the vulnerability.
Short-Term Hardening (1-7 days)
Short-term hardening involves enhancing monitoring of gRPC traffic and agent activity. Implementing additional security controls, such as stricter access controls and more frequent audits, can also help.
Strategic Recommendations
Strategic recommendations include regularly updating and patching software, implementing robust authentication and authorization mechanisms, and conducting thorough security audits to identify and address potential vulnerabilities.
Analyst Assessment
The risk of this vulnerability is significant due to its potential for cross-tenant impersonation and the ease with which it can be exploited. Organizations using Woodpecker CI should prioritize patching or applying workarounds immediately. The likelihood of exploitation is expected to increase if patches are not applied, given the severity of the vulnerability and the potential benefits to attackers.
Sources
- GitHub Security Advisories: https://github.com/advisories/GHSA-g7mm-9vx7-jm7h