CVE-2024-53351: PipeCD Vulnerable to Privilege Escalation

March 21, 2025 (updated March 24, 2025)

Insecure permissions in pipecd v0.49 allow attackers to gain access to the service account’s token, leading to escalation of privileges.

References

gist.github.com/HouqiyuA/948a808b8bd48b17b37a4d5e0b6fb005
github.com/advisories/GHSA-4jhw-c53w-w5r7
github.com/pipe-cd/pipecd
nvd.nist.gov/vuln/detail/CVE-2024-53351
pipecd.dev/

Code Behaviors & Features

Detect and mitigate CVE-2024-53351 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →