{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/tekton/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.7,"id":"CVE-2026-40161"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["tekton","git","credential-access","api-token"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA vulnerability exists in Tekton Pipelines\u0026rsquo; git resolver (versions v1.0.0 through v1.10.0) where the system-configured Git API token is sent to a user-controlled \u003ccode\u003eserverURL\u003c/code\u003e when the user omits the \u003ccode\u003etoken\u003c/code\u003e parameter. This allows a malicious tenant with TaskRun or PipelineRun create permissions to exfiltrate the shared API token (GitHub PAT, GitLab token, etc.) by pointing \u003ccode\u003eserverURL\u003c/code\u003e to an attacker-controlled endpoint. The attacker can then use this token to gain unauthorized access to private repositories, potentially exposing source code, secrets, and CI/CD configurations. This vulnerability is similar to GHSA-j5q5-j9gm-2w5c, where credentials could be exfiltrated. 
The vulnerability resides in the \u003ccode\u003eResolveAPIGit()\u003c/code\u003e function within \u003ccode\u003epkg/resolution/resolver/git/resolver.go\u003c/code\u003e.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains permission to create TaskRuns or PipelineRuns within a Tekton Pipelines namespace.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious TaskRun or PipelineRun configuration.\u003c/li\u003e\n\u003cli\u003eThe configuration specifies the git resolver in API mode.\u003c/li\u003e\n\u003cli\u003eThe configuration omits the \u003ccode\u003etoken\u003c/code\u003e parameter but includes a \u003ccode\u003eserverURL\u003c/code\u003e pointing to an attacker-controlled endpoint.\u003c/li\u003e\n\u003cli\u003eTekton Pipelines executes the TaskRun or PipelineRun, triggering the git resolver.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eResolveAPIGit()\u003c/code\u003e function retrieves the system-configured Git API token using \u003ccode\u003egetAPIToken()\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe function creates an SCM client pointed at the attacker-controlled \u003ccode\u003eserverURL\u003c/code\u003e with the system token as an \u003ccode\u003eAuthorization\u003c/code\u003e header.\u003c/li\u003e\n\u003cli\u003eSubsequent API calls from the resolver to the attacker-controlled URL transmit the system token, allowing the attacker to capture it.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation allows an attacker to exfiltrate the system Git API token (GitHub PAT, GitLab token, etc.). The exfiltrated token can be used to access private repositories, potentially leading to the exposure of sensitive information like source code, secrets, and CI/CD configurations. This can lead to supply chain compromise, data breaches, or other unauthorized activities. 
All Tekton Pipeline instances running versions v1.0.0 through v1.10.0 are potentially vulnerable if a system-level API token is configured.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eDo not configure a system-level API token\u003c/strong\u003e in the git resolver ConfigMap. Instead, require all users to provide their own tokens via the \u003ccode\u003etoken\u003c/code\u003e parameter, as suggested in the advisory\u0026rsquo;s workaround section.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRestrict TaskRun creation\u003c/strong\u003e to limit which users or ServiceAccounts can create TaskRuns and PipelineRuns that use the git resolver, as recommended in the advisory\u0026rsquo;s workaround section.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eApply NetworkPolicy\u003c/strong\u003e to the \u003ccode\u003etekton-pipelines-resolvers\u003c/code\u003e namespace to restrict outbound traffic to known-good Git servers only, mitigating the risk of token exfiltration to arbitrary \u003ccode\u003eserverURL\u003c/code\u003e values.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-22T12:00:00Z","date_published":"2026-04-22T12:00:00Z","id":"/briefs/2026-04-tekton-api-token-leak/","summary":"The Tekton Pipelines git resolver in API mode leaks the system-configured Git API token to a user-controlled `serverURL` when the user omits the `token` parameter, allowing an attacker with TaskRun or PipelineRun creation permissions to exfiltrate the shared API token.","title":"Tekton Pipelines Git Resolver API Token Leak via User-Controlled ServerURL","url":"https://feed.craftedsignal.io/briefs/2026-04-tekton-api-token-leak/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.7,"id":"CVE-2026-40161"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["tekton","credential-access","cve-2026-40161"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eTekton 
Pipelines, a Kubernetes-style resource for declaring CI/CD pipelines, contains a vulnerability (CVE-2026-40161) in its git resolver component. Specifically, versions 1.0.0 to 1.10.0 are affected. When operating in API mode, the resolver inadvertently sends the system-configured Git API token (e.g., GitHub PAT, GitLab token) to a server specified by the user if the token parameter is omitted. This allows an attacker with TaskRun or PipelineRun creation privileges to exfiltrate the shared API token by directing the serverURL to an attacker-controlled endpoint. The vulnerability allows for the potential compromise of CI/CD pipelines and related infrastructure.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker gains access to a Kubernetes tenant with permissions to create TaskRun or PipelineRun resources within Tekton Pipelines.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious TaskRun or PipelineRun configuration.\u003c/li\u003e\n\u003cli\u003eThe configuration leverages the Tekton Pipelines git resolver in API mode.\u003c/li\u003e\n\u003cli\u003eThe attacker omits the \u003ccode\u003etoken\u003c/code\u003e parameter in the git resolver configuration, forcing the system to use the system-configured Git API token.\u003c/li\u003e\n\u003cli\u003eThe attacker sets the \u003ccode\u003eserverURL\u003c/code\u003e parameter to an attacker-controlled endpoint.\u003c/li\u003e\n\u003cli\u003eTekton Pipelines, upon execution of the TaskRun or PipelineRun, sends the system-configured Git API token to the attacker-controlled \u003ccode\u003eserverURL\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker\u0026rsquo;s server logs and captures the leaked Git API token.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the exfiltrated token to access and potentially compromise Git repositories or other services authenticated by the token.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 
id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-40161 allows an attacker to steal the system-configured Git API token used by Tekton Pipelines. This could lead to unauthorized access to Git repositories, the modification of code, and the potential compromise of the entire CI/CD pipeline. Given Tekton\u0026rsquo;s widespread adoption, a successful attack could affect numerous organizations using the vulnerable versions.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Tekton Pipelines to a version greater than 1.10.0 to remediate CVE-2026-40161.\u003c/li\u003e\n\u003cli\u003eImplement strict access controls within the Kubernetes cluster to limit TaskRun and PipelineRun creation privileges to authorized users only.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic originating from Tekton Pipeline pods for connections to unusual or untrusted \u003ccode\u003eserverURL\u003c/code\u003e destinations as specified in CVE-2026-40161. 
Create a network connection rule for this.\u003c/li\u003e\n\u003cli\u003eReview Tekton Pipeline configurations for suspicious \u003ccode\u003eserverURL\u003c/code\u003e parameters using a file monitoring rule.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-22T12:00:00Z","date_published":"2026-04-22T12:00:00Z","id":"/briefs/2026-04-tekton-credential-leak/","summary":"Tekton Pipelines versions 1.0.0 to 1.10.0 are vulnerable to credential access, where the Git resolver in API mode transmits the system-configured Git API token to a user-controlled serverURL, enabling token exfiltration via a malicious server.","title":"Tekton Pipelines Git Resolver API Token Leak via ServerURL Manipulation (CVE-2026-40161)","url":"https://feed.craftedsignal.io/briefs/2026-04-tekton-credential-leak/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["tekton","path-traversal","kubernetes","cve-2026-33211","cloud"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eThe Tekton Pipelines project provides Kubernetes-style resources for declaring CI/CD pipelines. A path traversal vulnerability exists in the git resolver component, tracked as CVE-2026-33211. This vulnerability affects Tekton Pipelines versions 1.0.0 and prior to 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2. An attacker with the ability to create \u003ccode\u003eResolutionRequests\u003c/code\u003e (e.g., through \u003ccode\u003eTaskRuns\u003c/code\u003e or \u003ccode\u003ePipelineRuns\u003c/code\u003e that utilize the git resolver) can exploit this flaw to read any file from the resolver pod\u0026rsquo;s file system. A successful exploit allows attackers to retrieve sensitive information, such as ServiceAccount tokens, which are base64-encoded and returned in \u003ccode\u003eresolutionrequest.status.data\u003c/code\u003e. The vulnerability has been patched in versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2. 
This poses a significant risk in multi-tenant environments where lateral movement and privilege escalation are possible.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker gains the ability to create \u003ccode\u003eTaskRuns\u003c/code\u003e or \u003ccode\u003ePipelineRuns\u003c/code\u003e within a Tekton Pipelines environment.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious \u003ccode\u003eResolutionRequest\u003c/code\u003e that leverages the git resolver.\u003c/li\u003e\n\u003cli\u003eWithin the \u003ccode\u003eResolutionRequest\u003c/code\u003e, the attacker injects a path traversal sequence into the \u003ccode\u003epathInRepo\u003c/code\u003e parameter, such as \u0026ldquo;../../../../etc/passwd\u0026rdquo;.\u003c/li\u003e\n\u003cli\u003eThe git resolver attempts to resolve the resource using the provided path.\u003c/li\u003e\n\u003cli\u003eDue to the path traversal vulnerability, the resolver accesses the file specified by the attacker on the resolver pod\u0026rsquo;s file system.\u003c/li\u003e\n\u003cli\u003eThe contents of the accessed file are read by the resolver.\u003c/li\u003e\n\u003cli\u003eThe resolver encodes the file content in base64.\u003c/li\u003e\n\u003cli\u003eThe base64-encoded content is returned in the \u003ccode\u003eresolutionrequest.status.data\u003c/code\u003e field, allowing the attacker to retrieve the content. This can include sensitive files such as ServiceAccount tokens.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-33211 allows attackers to read arbitrary files from the Tekton Pipelines resolver pod. This can lead to the compromise of sensitive information, including ServiceAccount tokens. 
If ServiceAccount tokens are compromised, attackers can potentially gain unauthorized access to Kubernetes resources, leading to privilege escalation, lateral movement within the cluster, and potential data exfiltration. The impact is especially high in multi-tenant environments.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Tekton Pipelines to versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, or 1.10.2 or later to patch CVE-2026-33211.\u003c/li\u003e\n\u003cli\u003eImplement strict RBAC policies to limit the ability to create \u003ccode\u003eTaskRuns\u003c/code\u003e and \u003ccode\u003ePipelineRuns\u003c/code\u003e to only authorized users and service accounts.\u003c/li\u003e\n\u003cli\u003eMonitor Kubernetes API audit logs for suspicious \u003ccode\u003eResolutionRequest\u003c/code\u003e creation events (see rule: \u0026ldquo;Detect Suspicious ResolutionRequest Creation\u0026rdquo;).\u003c/li\u003e\n\u003cli\u003eImplement network policies to restrict network access from the resolver pod to only necessary resources.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-03-24T00:16:29Z","date_published":"2026-03-24T00:16:29Z","id":"/briefs/2026-03-tekton-traversal/","summary":"The Tekton Pipelines git resolver is vulnerable to path traversal via the `pathInRepo` parameter, allowing arbitrary file reads from the resolver pod's filesystem, including ServiceAccount tokens.","title":"Tekton Pipelines Git Resolver Path Traversal Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-03-tekton-traversal/"}],"language":"en","title":"CraftedSignal Threat Feed — Tekton","version":"https://jsonfeed.org/version/1.1"}