<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Tekton - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/vendors/tekton/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Tue, 02 Jan 2024 12:00:00 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/vendors/tekton/feed.xml" rel="self" type="application/rss+xml"/><item><title>Tekton Pipeline Git Resolver Git Argument Injection Vulnerability</title><link>https://feed.craftedsignal.io/briefs/2024-01-02-tekton-git-injection/</link><pubDate>Tue, 02 Jan 2024 12:00:00 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2024-01-02-tekton-git-injection/</guid><description>The Tekton Pipeline Git Resolver is vulnerable to git argument injection due to the unsanitized `revision` parameter in the `git fetch` command, allowing remote code execution on the resolver pod and cluster-wide secret exfiltration.</description><content:encoded><![CDATA[<p>The Tekton Pipeline Git Resolver is susceptible to a git argument injection vulnerability. This flaw stems from the improper sanitization of the <code>revision</code> parameter, which is directly passed to the <code>git fetch</code> command. This allows an attacker to inject arbitrary <code>git fetch</code> flags, such as <code>--upload-pack=&lt;binary&gt;</code>. Coupled with the ability to specify local filesystem paths as Git repositories, this enables a malicious actor to execute arbitrary binaries on the resolver pod. The vulnerability affects Tekton Pipelines versions 1.0.0 through 1.11.0. Successful exploitation leads to full cluster-wide secret exfiltration due to the resolver pod's ServiceAccount permissions. This vulnerability impacts any Tekton Pipeline installation where untrusted users can submit ResolutionRequest objects.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>An attacker crafts a <code>ResolutionRequest</code> object with a malicious <code>revision</code> parameter. This parameter contains a <code>git fetch</code> flag such as <code>--upload-pack=/usr/bin/curl</code>. The <code>url</code> parameter is set to a local file system path.</li>
<li>The Tekton Git Resolver receives the <code>ResolutionRequest</code> and calls the <code>checkout</code> function in <code>pkg/resolution/resolver/git/repository.go</code>.</li>
<li>The <code>checkout</code> function executes <code>git fetch origin &lt;malicious revision&gt; --depth=1</code> via <code>exec.CommandContext</code>, without any validation on the revision parameter.</li>
<li>Git interprets the injected <code>--upload-pack</code> flag and executes the specified binary (e.g., <code>/usr/bin/curl</code>) on the resolver pod.  The path to a git repository is passed to the executed command as an argument.</li>
<li>The attacker uses the executed binary (e.g. curl) to exfiltrate sensitive information, such as the service account token found at <code>/var/run/secrets/kubernetes.io/serviceaccount/token</code>.</li>
<li>The attacker uses the service account token to read secrets from the Kubernetes API, since the <code>tekton-pipelines-resolvers</code> ServiceAccount has cluster-wide <code>get/list/watch</code> permissions on all Secrets.</li>
<li>The attacker escalates privileges by using the exfiltrated secrets, such as kubeconfig files or cloud provider credentials, to move laterally within the cloud infrastructure.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>This vulnerability allows for arbitrary code execution on the Tekton Pipeline resolver pod. Since the <code>tekton-pipelines-resolvers</code> ServiceAccount possesses cluster-wide <code>get/list/watch</code> permissions on all Secrets, successful exploitation leads to full cluster-wide Secret exfiltration. This can then be leveraged for privilege escalation and lateral movement within the associated cloud infrastructure. The impact is significant, potentially leading to complete compromise of the Kubernetes cluster and associated resources. This issue affects Tekton Pipelines installations with versions ranging from 1.0.0 to 1.11.0.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Deploy the Sigma rule <code>Detect Tekton Git Resolver Upload Pack Injection</code> to detect exploitation attempts by monitoring process creations with the <code>--upload-pack</code> argument.</li>
<li>Apply Fix 1 as described in the advisory by validating that the <code>revision</code> parameter does not begin with a <code>-</code> character in <code>PopulateDefaultParams</code>.</li>
<li>Apply Fix 2 by restricting <code>validateRepoURL</code> to remote URLs only to eliminate local-path remotes.</li>
<li>Upgrade Tekton Pipelines to a patched version beyond 1.11.0 to remediate CVE-2026-40938.</li>
</ul>
]]></content:encoded><category domain="severity">critical</category><category domain="type">advisory</category><category>tekton</category><category>git</category><category>injection</category><category>rce</category><category>secret-exfiltration</category><category>kubernetes</category></item></channel></rss>