VDB
CVE-2024-53351
CVE-2024-53351
PUBLISHED
CVSS 9.800000190734863 CRITICAL
Insecure permissions in pipecd v0.49 allow attackers to gain access to the service account's token, leading to escalation of privileges.
EPSS 0.09% · 26.2th percentile
Risk Scores
CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.09%
26.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | pipe-cd/pipecd | 0 |
| n/a | n/a | n/a |
| linuxfoundation | pipecd | 0 |
Timeline
- Jan 21, 1970 GitHub Gist PoC
- Mar 21, 2025 CVE Published
- Mar 21, 2025 Coalition ESS Score
- Mar 22, 2025 EPSS Score
- Mar 24, 2025 CVE Updated
- Mar 24, 2025 PoC Published
- Mar 24, 2025 PoC Published
- Mar 24, 2025 PoC Published
- Mar 26, 2025 Coalition ESS Score
- Apr 4, 2025 EPSS Score
- Apr 14, 2025 Coalition ESS Score
- Apr 17, 2025 EPSS Score