Woodpecker: Privilege escalation via unrestricted serviceAccountName in the Kubernetes backend
A privilege escalation vulnerability affects Woodpecker instances using the Kubernetes backend. The pipeline option backend_options.kubernetes.serviceAccountName was passed directly to the pod spec without any admin gating. Who is impacted: any operator running the Kubernetes backend. Any user with Push permission on a connected repository can run pipeline pods under an arbitrary ServiceAccount in the pipeline namespace, gaining that account's RBAC permissions. If a privileged ServiceAccount is reachable in that namespace, …