{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/tekton/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Tekton Pipelines"],"_cs_severities":["critical"],"_cs_tags":["tekton","git","injection","rce","secret-exfiltration","kubernetes"],"_cs_type":"advisory","_cs_vendors":["Tekton"],"content_html":"\u003cp\u003eThe Tekton Pipeline Git Resolver is susceptible to a git argument injection vulnerability. This flaw stems from the improper sanitization of the \u003ccode\u003erevision\u003c/code\u003e parameter, which is directly passed to the \u003ccode\u003egit fetch\u003c/code\u003e command. This allows an attacker to inject arbitrary \u003ccode\u003egit fetch\u003c/code\u003e flags, such as \u003ccode\u003e--upload-pack=\u0026lt;binary\u0026gt;\u003c/code\u003e. Coupled with the ability to specify local filesystem paths as Git repositories, this enables a malicious actor to execute arbitrary binaries on the resolver pod. The vulnerability affects Tekton Pipelines versions 1.0.0 through 1.11.0. Successful exploitation leads to full cluster-wide secret exfiltration due to the resolver pod's ServiceAccount permissions. This vulnerability impacts any Tekton Pipeline installation where untrusted users can submit ResolutionRequest objects.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a \u003ccode\u003eResolutionRequest\u003c/code\u003e object with a malicious \u003ccode\u003erevision\u003c/code\u003e parameter. This parameter contains a \u003ccode\u003egit fetch\u003c/code\u003e flag such as \u003ccode\u003e--upload-pack=/usr/bin/curl\u003c/code\u003e. The \u003ccode\u003eurl\u003c/code\u003e parameter is set to a local file system path.\u003c/li\u003e\n\u003cli\u003eThe Tekton Git Resolver receives the \u003ccode\u003eResolutionRequest\u003c/code\u003e and calls the \u003ccode\u003echeckout\u003c/code\u003e function in \u003ccode\u003epkg/resolution/resolver/git/repository.go\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003echeckout\u003c/code\u003e function executes \u003ccode\u003egit fetch origin \u0026lt;malicious revision\u0026gt; --depth=1\u003c/code\u003e via \u003ccode\u003eexec.CommandContext\u003c/code\u003e, without any validation on the revision parameter.\u003c/li\u003e\n\u003cli\u003eGit interprets the injected \u003ccode\u003e--upload-pack\u003c/code\u003e flag and executes the specified binary (e.g., \u003ccode\u003e/usr/bin/curl\u003c/code\u003e) on the resolver pod.  The path to a git repository is passed to the executed command as an argument.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the executed binary (e.g. curl) to exfiltrate sensitive information, such as the service account token found at \u003ccode\u003e/var/run/secrets/kubernetes.io/serviceaccount/token\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the service account token to read secrets from the Kubernetes API, since the \u003ccode\u003etekton-pipelines-resolvers\u003c/code\u003e ServiceAccount has cluster-wide \u003ccode\u003eget/list/watch\u003c/code\u003e permissions on all Secrets.\u003c/li\u003e\n\u003cli\u003eThe attacker escalates privileges by using the exfiltrated secrets, such as kubeconfig files or cloud provider credentials, to move laterally within the cloud infrastructure.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThis vulnerability allows for arbitrary code execution on the Tekton Pipeline resolver pod. Since the \u003ccode\u003etekton-pipelines-resolvers\u003c/code\u003e ServiceAccount possesses cluster-wide \u003ccode\u003eget/list/watch\u003c/code\u003e permissions on all Secrets, successful exploitation leads to full cluster-wide Secret exfiltration. This can then be leveraged for privilege escalation and lateral movement within the associated cloud infrastructure. The impact is significant, potentially leading to complete compromise of the Kubernetes cluster and associated resources. This issue affects Tekton Pipelines installations with versions ranging from 1.0.0 to 1.11.0.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Tekton Git Resolver Upload Pack Injection\u003c/code\u003e to detect exploitation attempts by monitoring process creations with the \u003ccode\u003e--upload-pack\u003c/code\u003e argument.\u003c/li\u003e\n\u003cli\u003eApply Fix 1 as described in the advisory by validating that the \u003ccode\u003erevision\u003c/code\u003e parameter does not begin with a \u003ccode\u003e-\u003c/code\u003e character in \u003ccode\u003ePopulateDefaultParams\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eApply Fix 2 by restricting \u003ccode\u003evalidateRepoURL\u003c/code\u003e to remote URLs only to eliminate local-path remotes.\u003c/li\u003e\n\u003cli\u003eUpgrade Tekton Pipelines to a patched version beyond 1.11.0 to remediate CVE-2026-40938.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-02T12:00:00Z","date_published":"2024-01-02T12:00:00Z","id":"https://feed.craftedsignal.io/briefs/2024-01-02-tekton-git-injection/","summary":"The Tekton Pipeline Git Resolver is vulnerable to git argument injection due to the unsanitized `revision` parameter in the `git fetch` command, allowing remote code execution on the resolver pod and cluster-wide secret exfiltration.","title":"Tekton Pipeline Git Resolver Git Argument Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2024-01-02-tekton-git-injection/"}],"language":"en","title":"CraftedSignal Threat Feed - Tekton","version":"https://jsonfeed.org/version/1.1"}