{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/api-token/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.7,"id":"CVE-2026-40161"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["tekton","git","credential-access","api-token"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA vulnerability exists in Tekton Pipelines\u0026rsquo; git resolver (versions v1.0.0 through v1.10.0) where the system-configured Git API token is sent to a user-controlled \u003ccode\u003eserverURL\u003c/code\u003e when the user omits the \u003ccode\u003etoken\u003c/code\u003e parameter. This allows a malicious tenant with TaskRun or PipelineRun create permissions to exfiltrate the shared API token (GitHub PAT, GitLab token, etc.) by pointing \u003ccode\u003eserverURL\u003c/code\u003e to an attacker-controlled endpoint. The attacker can then use this token to gain unauthorized access to private repositories, potentially exposing source code, secrets, and CI/CD configurations. This vulnerability is similar to GHSA-j5q5-j9gm-2w5c, where credentials could be exfiltrated. 
The vulnerability resides in the \u003ccode\u003eResolveAPIGit()\u003c/code\u003e function within \u003ccode\u003epkg/resolution/resolver/git/resolver.go\u003c/code\u003e.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains permission to create TaskRuns or PipelineRuns within a Tekton Pipelines namespace.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious TaskRun or PipelineRun configuration.\u003c/li\u003e\n\u003cli\u003eThe configuration specifies the git resolver in API mode.\u003c/li\u003e\n\u003cli\u003eThe configuration omits the \u003ccode\u003etoken\u003c/code\u003e parameter but includes a \u003ccode\u003eserverURL\u003c/code\u003e pointing to an attacker-controlled endpoint.\u003c/li\u003e\n\u003cli\u003eTekton Pipelines executes the TaskRun or PipelineRun, triggering the git resolver.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eResolveAPIGit()\u003c/code\u003e function retrieves the system-configured Git API token using \u003ccode\u003egetAPIToken()\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe function creates an SCM client pointed at the attacker-controlled \u003ccode\u003eserverURL\u003c/code\u003e with the system token as an \u003ccode\u003eAuthorization\u003c/code\u003e header.\u003c/li\u003e\n\u003cli\u003eSubsequent API calls from the resolver to the attacker-controlled URL transmit the system token, allowing the attacker to capture it.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation allows an attacker to exfiltrate the system Git API token (GitHub PAT, GitLab token, etc.). The exfiltrated token can be used to access private repositories, potentially leading to the exposure of sensitive information like source code, secrets, and CI/CD configurations. This can lead to supply chain compromise, data breaches, or other unauthorized activities. 
All Tekton Pipelines instances running versions v1.0.0 through v1.10.0 are potentially vulnerable if a system-level API token is configured.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eDo not configure a system-level API token\u003c/strong\u003e in the git resolver ConfigMap. Instead, require all users to provide their own tokens via the \u003ccode\u003etoken\u003c/code\u003e parameter, as suggested in the advisory\u0026rsquo;s workaround section.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRestrict TaskRun creation\u003c/strong\u003e to limit which users or ServiceAccounts can create TaskRuns and PipelineRuns that use the git resolver, as recommended in the advisory\u0026rsquo;s workaround section.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eApply NetworkPolicy\u003c/strong\u003e to the \u003ccode\u003etekton-pipelines-resolvers\u003c/code\u003e namespace to restrict outbound traffic to known-good Git servers only, mitigating the risk of token exfiltration to arbitrary \u003ccode\u003eserverURL\u003c/code\u003e values.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-22T12:00:00Z","date_published":"2026-04-22T12:00:00Z","id":"/briefs/2026-04-tekton-api-token-leak/","summary":"The Tekton Pipelines git resolver in API mode leaks the system-configured Git API token to a user-controlled `serverURL` when the user omits the `token` parameter, allowing an attacker with TaskRun or PipelineRun creation permissions to exfiltrate the shared API token.","title":"Tekton Pipelines Git Resolver API Token Leak via User-Controlled ServerURL","url":"https://feed.craftedsignal.io/briefs/2026-04-tekton-api-token-leak/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["directus","vulnerability","credential-access","api-token","2fa-bypass"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eDirectus 
versions prior to 11.17.0 contain a vulnerability where aggregate functions, such as \u003ccode\u003emin\u003c/code\u003e and \u003ccode\u003emax\u003c/code\u003e, when applied to fields with the \u003ccode\u003econceal\u003c/code\u003e special type, incorrectly return raw database values instead of the masked placeholder. This affects authenticated users who have read access to the affected collection, enabling them to extract concealed field values via \u003ccode\u003egroupBy\u003c/code\u003e aggregate queries. This vulnerability allows for the extraction of sensitive information, such as static API tokens and two-factor authentication secrets stored in \u003ccode\u003edirectus_users\u003c/code\u003e, enabling account takeovers and 2FA bypass. The vulnerability was reported on April 4, 2026, and is identified as CVE-2026-35442. Defenders should prioritize upgrading Directus instances to version 11.17.0 or later to mitigate this risk.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker authenticates to a vulnerable Directus instance with valid user credentials.\u003c/li\u003e\n\u003cli\u003eAttacker identifies a collection containing fields with the \u003ccode\u003econceal\u003c/code\u003e special type, such as \u003ccode\u003edirectus_users\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eAttacker crafts an aggregate query using functions like \u003ccode\u003emin\u003c/code\u003e or \u003ccode\u003emax\u003c/code\u003e on the concealed field and includes a \u003ccode\u003egroupBy\u003c/code\u003e clause. 
Example: \u003ccode\u003eSELECT min(secret_field) FROM collection GROUP BY other_field\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe Directus server processes the aggregate query but fails to properly apply the masking logic to the nested results.\u003c/li\u003e\n\u003cli\u003eThe server returns the raw, unmasked values of the concealed field in the aggregate query response.\u003c/li\u003e\n\u003cli\u003eThe attacker extracts static API tokens and TOTP seeds from the returned data.\u003c/li\u003e\n\u003cli\u003eAttacker uses the extracted API tokens to authenticate as other users, including administrators, bypassing username/password requirements.\u003c/li\u003e\n\u003cli\u003eAttacker uses the extracted TOTP seeds to bypass two-factor authentication for other users, gaining unauthorized access to their accounts.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability can lead to complete account takeover, including administrative accounts. Two-factor authentication mechanisms can be bypassed, invalidating this security control. The number of affected organizations depends on the adoption rate of Directus, but all instances running versions prior to 11.17.0 are vulnerable. If the attack succeeds, attackers gain full control over the Directus instance and associated data, potentially leading to data breaches, service disruption, and reputational damage.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Directus to version 11.17.0 or later to patch the vulnerability (CVE-2026-35442).\u003c/li\u003e\n\u003cli\u003eImplement a Web Application Firewall (WAF) rule to detect and block aggregate queries targeting concealed fields in sensitive collections. 
See the Sigma rule example for guidance.\u003c/li\u003e\n\u003cli\u003eMonitor Directus application logs for unusual aggregate query patterns, especially those involving \u003ccode\u003egroupBy\u003c/code\u003e and functions like \u003ccode\u003emin\u003c/code\u003e or \u003ccode\u003emax\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-04T06:13:57Z","date_published":"2026-04-04T06:13:57Z","id":"/briefs/2026-04-directus-aggregate-disclosure/","summary":"A vulnerability in Directus versions prior to 11.17.0 allows authenticated users to extract concealed field values, including static API tokens and two-factor authentication secrets from directus_users, via aggregate queries.","title":"Directus Aggregate Query Vulnerability Allows Disclosure of Concealed Data","url":"https://feed.craftedsignal.io/briefs/2026-04-directus-aggregate-disclosure/"}],"language":"en","title":"CraftedSignal Threat Feed — Api-Token","version":"https://jsonfeed.org/version/1.1"}