Path Traversal in Tekton Pipelines Git Resolver - Arbitrary File Read via Parameter Injection
The Tekton git resolver fails to sanitize the `pathInRepo` parameter, allowing namespace-scoped tenants to read arbitrary files from the resolver pod filesystem via path traversal sequences. This enables credential exfiltration including ServiceAccount tokens.
CVE References
Affected
Vulnerability Description
The Tekton Pipelines git resolver contains a path traversal vulnerability in the getFileContent() function within pkg/resolution/resolver/git/repository.go. The vulnerability stems from unsafe path joining using filepath.Join(repo.directory, path) where the pathInRepo parameter derives from untrusted user input in ResolutionRequest objects. No validation is performed to prevent directory traversal sequences (e.g., ../, ..\), allowing attackers to escape the intended repository clone directory. The root cause traces to a code migration that switched from go-git's in-memory filesystem (inherently safe) to direct os.ReadFile() calls on the host filesystem.
Proof-of-Concept Significance
This PoC validates that any namespace-scoped tenant with permissions to create TaskRuns or PipelineRuns can reliably exploit the flaw. The precondition is minimal—standard RBAC allowing task/pipeline creation—making this exploitable in multi-tenant Kubernetes clusters. The base64-encoded file contents returned in resolutionrequest.status.data provide direct exfiltration channels. The reliability is high due to the deterministic nature of filesystem paths and lack of runtime protections.
Detection Guidance
Log Indicators: Monitor for ResolutionRequest objects with pathInRepo values containing ../, ..\, or URL-encoded equivalents (%2e%2e/). Audit Kubernetes API server logs for suspicious resolution requests. YARA Signature: Search for patterns matching pathInRepo.*\.\./ in cluster event logs or etcd backups. Runtime Detection: Monitor resolver pod syscalls for openat() operations accessing paths outside the expected git clone directory tree using eBPF or auditd. Track ServiceAccount token reads via file access monitoring.
Mitigation Steps
Immediate: Upgrade Tekton Pipelines to patched version (post-commit 318006c4e3a5 fix). Input Validation: Patch getFileContent() to reject pathInRepo values containing .. or absolute paths; use filepath.Clean() and verify the result remains under the repository directory. RBAC Hardening: Restrict resolutionrequests.create permissions to trusted namespaces/service accounts. Network Policy: Isolate resolver pods to prevent lateral movement post-exploitation. Audit: Enable Kubernetes audit logging for all ResolutionRequest modifications and status reads.
Risk Assessment
This vulnerability poses critical risk in production multi-tenant clusters. The attack surface is broad—any tenant with standard pipeline/task creation rights becomes a threat vector. Threat actors targeting CI/CD supply chains will prioritize this; ServiceAccount token exfiltration enables cluster privilege escalation and lateral movement. Exploitation likelihood is high given low barrier to entry and high information value. Organizations using Tekton in shared environments should treat this as priority-0 security issue requiring immediate patching and compensating controls pending updates.
Sources