Listen to this Post
The vulnerability arises from a validation bypass in the VolumeMount path restriction. Tekton Pipelines normally blocks mounting volumes under restricted internal paths like `/tekton/` (except /tekton/home). The validation in `pkg/apis/pipeline/v1/container_validation.go` and `pkg/apis/pipeline/v1beta1/task_validation.go` uses `strings.HasPrefix` without first normalizing the path. This allows an attacker to use path traversal components, such as .., to bypass the check. For example, a path like `/tekton/home/../results` passes the validation because it starts with the allowed prefix /tekton/home. However, at runtime, the container runtime resolves the `..` component, resulting in the volume being mounted at /tekton/results. This effectively circumvents the restriction, enabling an attacker to mount volumes over internal Tekton paths.
dailycve form:
Platform: Tekton Pipelines
Version: through v1.11.0
Vulnerability: Path Traversal
Severity: Medium
date: 2025-04-21
Prediction: include expected Patch date: 2025-05-15
What Undercode Say:
Simulate the vulnerable validation check mount_path="/tekton/home/../results" if [[ $mount_path == /tekton/ && $mount_path != /tekton/home ]]; then echo "Rejected" else echo "Accepted (bypass)" fi Output: Accepted (bypass)
Check for affected versions
kubectl get deployment tekton-pipelines-controller -n tekton-pipelines -o jsonpath='{.spec.template.spec.containers[bash].image}'
Exploit:
An authenticated user with Task or TaskRun creation permissions can craft a malicious Task YAML. They can specify a volumeMount path containing `..` to mount a volume over an internal Tekton path. For instance:
volumeMounts: - name: malicious-volume mountPath: /tekton/home/../results
This would mount the volume at `/tekton/results` at runtime, allowing the user to write fake task results, read or modify step scripts, or interfere with the entrypoint coordination state.
Protection from this CVE:
- Upgrade to Tekton Pipelines v1.11.1 or later.
- Use admission controllers like OPA/Gatekeeper or Kyverno to validate that VolumeMount paths do not contain `..` components.
- In multi-tenant setups, restrict who can create Task and TaskRun resources via RBAC.
- Apply network policies to limit egress traffic from the `tekton-pipelines-resolvers` namespace.
Impact:
- An attacker could write fake task results that downstream pipelines might trust.
- They could read or modify step scripts before execution.
- They could interfere with the entrypoint coordination state, potentially altering the intended pipeline behavior.
- This could lead to unauthorized data access, pipeline manipulation, and disruption of CI/CD processes.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

