Search
Find a vulnerability
Search criteria
16 vulnerabilities found for tekton_pipelines by linuxfoundation
CVE-2026-40938 (GCVE-0-2026-40938)
Vulnerability from nvd – Published: 2026-04-21 20:45 – Updated: 2026-06-30 12:05
VLAI
Title
Tekton Pipelines: Git Resolver Unsanitized Revision Parameter Enables git Argument Injection Leading to RCE
Summary
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, the git resolver's revision parameter is passed directly as a positional argument to git fetch without any validation that it does not begin with a - character. Because git parses flags from mixed positional arguments, an attacker can inject arbitrary git fetch flags such as --upload-pack=<binary>. Combined with the validateRepoURL function explicitly permitting URLs that begin with / (local filesystem paths), a tenant who can submit ResolutionRequest objects can chain these two behaviors to execute an arbitrary binary on the resolver pod. The tekton-pipelines-resolvers ServiceAccount holds cluster-wide get/list/watch on all Secrets, so code execution on the resolver pod enables full cluster-wide secret exfiltration. Versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1 fix the issue.
Severity
7.5 (High)
8.5 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Assigner
References
10 references
| URL | Tags |
|---|---|
| https://github.com/tektoncd/pipeline/security/adv… | x_refsource_CONFIRM |
| https://github.com/tektoncd/pipeline/releases/tag… | x_refsource_MISC |
| https://access.redhat.com/security/cve/CVE-2026-40938 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2460292 | issue-trackingx_refsource_REDHAT |
| https://security.access.redhat.com/data/csaf/v2/v… | x_sadp-csaf-vex |
| https://access.redhat.com/errata/RHSA-2026:24359 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:17546 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:26538 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:26519 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:24484 | vendor-advisoryx_refsource_REDHAT |
Impacted products
10 products
| Vendor | Product | Version | |
|---|---|---|---|
| tektoncd | pipeline |
Affected:
>= 1.0.0, < 1.0.2
Affected: >= 1.2.0, < 1.3.4 Affected: >= 1.4.0, < 1.6.2 Affected: >= 1.7.0, < 1.9.3 Affected: >= 1.10.0, < 1.11.1 |
|
| Red Hat | Red Hat OpenShift Builds 1.7.3 |
cpe:/a:redhat:openshift_builds:1.7::el9 |
|
| Red Hat | Red Hat OpenShift Builds 1.8.0 |
cpe:/a:redhat:openshift_builds:1.8::el9 |
|
| Red Hat | Red Hat OpenShift Pipelines 1.21 |
cpe:/a:redhat:openshift_pipelines:1.21::el9 |
|
| Red Hat | OpenShift Pipelines |
cpe:/a:redhat:openshift_pipelines:1 |
|
| Red Hat | OpenShift Lightspeed |
cpe:/a:redhat:openshift_lightspeed |
|
| Red Hat | OpenShift Serverless |
cpe:/a:redhat:serverless:1 |
|
| Red Hat | Red Hat OpenShift AI (RHOAI) |
cpe:/a:redhat:openshift_ai |
|
| Red Hat | Red Hat OpenShift Virtualization 4 |
cpe:/a:redhat:container_native_virtualization:4 |
|
| Red Hat | Red Hat Trusted Artifact Signer |
cpe:/a:redhat:trusted_artifact_signer:1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-40938",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-22T18:31:54.871943Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T18:36:16.790Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-94jr-7pqp-xhcq"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:openshift_builds:1.7::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Builds 1.7.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_builds:1.8::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Builds 1.8.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_pipelines:1.21::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Pipelines 1.21",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_pipelines:1"
],
"defaultStatus": "affected",
"product": "OpenShift Pipelines",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_lightspeed"
],
"defaultStatus": "unaffected",
"product": "OpenShift Lightspeed",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:serverless:1"
],
"defaultStatus": "unaffected",
"product": "OpenShift Serverless",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "unaffected",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "unaffected",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:trusted_artifact_signer:1"
],
"defaultStatus": "unaffected",
"product": "Red Hat Trusted Artifact Signer",
"vendor": "Red Hat"
}
],
"datePublic": "2026-04-21T20:45:24.658Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Tekton Pipelines, a system for declaring continuous integration/continuous delivery (CI/CD) pipelines. An authenticated user, able to submit `ResolutionRequest` objects, can exploit a vulnerability by injecting malicious commands into the git resolver\u0027s revision parameter. This allows for the execution of unauthorized programs on the resolver pod. Successful exploitation can lead to the exfiltration of all cluster-wide secrets, resulting in significant information disclosure."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T12:05:58.492Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-40938"
},
{
"name": "RHBZ#2460292",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460292"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-40938.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24359"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17546"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26538"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26519"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24484"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:24359: Red Hat OpenShift Builds 1.7.3"
},
{
"lang": "en",
"value": "RHSA-2026:17546: Red Hat OpenShift Builds 1.8.0"
},
{
"lang": "en",
"value": "RHSA-2026:26538: Red Hat OpenShift Pipelines 1.21"
},
{
"lang": "en",
"value": "RHSA-2026:26519: Red Hat OpenShift Pipelines 1.21"
},
{
"lang": "en",
"value": "RHSA-2026:24484: Red Hat OpenShift Pipelines 1.21"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-21T21:02:16.557Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-04-21T20:45:24.658Z",
"value": "Made public."
}
],
"title": "github.com/tektoncd/pipeline: Tekton Pipelines: Arbitrary code execution and secret exfiltration via malicious git commands",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "pipeline",
"vendor": "tektoncd",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c 1.0.2"
},
{
"status": "affected",
"version": "\u003e= 1.2.0, \u003c 1.3.4"
},
{
"status": "affected",
"version": "\u003e= 1.4.0, \u003c 1.6.2"
},
{
"status": "affected",
"version": "\u003e= 1.7.0, \u003c 1.9.3"
},
{
"status": "affected",
"version": "\u003e= 1.10.0, \u003c 1.11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, the git resolver\u0027s revision parameter is passed directly as a positional argument to git fetch without any validation that it does not begin with a - character. Because git parses flags from mixed positional arguments, an attacker can inject arbitrary git fetch flags such as --upload-pack=\u003cbinary\u003e. Combined with the validateRepoURL function explicitly permitting URLs that begin with / (local filesystem paths), a tenant who can submit ResolutionRequest objects can chain these two behaviors to execute an arbitrary binary on the resolver pod. The tekton-pipelines-resolvers ServiceAccount holds cluster-wide get/list/watch on all Secrets, so code execution on the resolver pod enables full cluster-wide secret exfiltration. Versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1 fix the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88: Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-21T22:40:09.754Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-94jr-7pqp-xhcq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-94jr-7pqp-xhcq"
},
{
"name": "https://github.com/tektoncd/pipeline/releases/tag/v1.11.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tektoncd/pipeline/releases/tag/v1.11.1"
}
],
"source": {
"advisory": "GHSA-94jr-7pqp-xhcq",
"discovery": "UNKNOWN"
},
"title": "Tekton Pipelines: Git Resolver Unsanitized Revision Parameter Enables git Argument Injection Leading to RCE"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-40938",
"datePublished": "2026-04-21T20:45:24.658Z",
"dateReserved": "2026-04-15T20:40:15.518Z",
"dateUpdated": "2026-06-30T12:05:58.492Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-40924 (GCVE-0-2026-40924)
Vulnerability from nvd – Published: 2026-04-21 20:47 – Updated: 2026-05-22 16:03
VLAI
Title
Tekton Pipelines: HTTP Resolver Unbounded Response Body Read Enables Denial of Service via Memory Exhaustion
Summary
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, the HTTP resolver's FetchHttpResource function calls io.ReadAll(resp.Body) with no response body size limit. Any tenant with permission to create TaskRuns or PipelineRuns that reference the HTTP resolver can point it at an attacker-controlled HTTP server that returns a very large response body within the 1-minute timeout window, causing the tekton-pipelines-resolvers pod to be OOM-killed by Kubernetes. Because all resolver types (Git, Hub, Bundle, Cluster, HTTP) run in the same pod, crashing this pod denies resolution service to the entire cluster. Repeated exploitation causes a sustained crash loop. The same vulnerable code path is reached by both the deprecated pkg/resolution/resolver/http and the current pkg/remoteresolution/resolver/http implementations. Versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1 fix the issue.
Severity
6.5 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/tektoncd/pipeline/security/adv… | x_refsource_CONFIRM |
| https://github.com/tektoncd/pipeline/releases/tag… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-40924",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-22T13:21:18.942819Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T13:21:28.680Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-m2cx-gpqf-qf74"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pipeline",
"vendor": "tektoncd",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c 1.0.2"
},
{
"status": "affected",
"version": "\u003e= 1.2.0, \u003c 1.3.4"
},
{
"status": "affected",
"version": "\u003e= 1.4.0, \u003c 1.6.2"
},
{
"status": "affected",
"version": "\u003e= 1.7.0, \u003c 1.9.3"
},
{
"status": "affected",
"version": "\u003e= 1.10.0, \u003c 1.11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, the HTTP resolver\u0027s FetchHttpResource function calls io.ReadAll(resp.Body) with no response body size limit. Any tenant with permission to create TaskRuns or PipelineRuns that reference the HTTP resolver can point it at an attacker-controlled HTTP server that returns a very large response body within the 1-minute timeout window, causing the tekton-pipelines-resolvers pod to be OOM-killed by Kubernetes. Because all resolver types (Git, Hub, Bundle, Cluster, HTTP) run in the same pod, crashing this pod denies resolution service to the entire cluster. Repeated exploitation causes a sustained crash loop. The same vulnerable code path is reached by both the deprecated pkg/resolution/resolver/http and the current pkg/remoteresolution/resolver/http implementations. Versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1 fix the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-22T16:03:53.528Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-m2cx-gpqf-qf74",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-m2cx-gpqf-qf74"
},
{
"name": "https://github.com/tektoncd/pipeline/releases/tag/v1.11.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tektoncd/pipeline/releases/tag/v1.11.1"
}
],
"source": {
"advisory": "GHSA-m2cx-gpqf-qf74",
"discovery": "UNKNOWN"
},
"title": "Tekton Pipelines: HTTP Resolver Unbounded Response Body Read Enables Denial of Service via Memory Exhaustion"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-40924",
"datePublished": "2026-04-21T20:47:47.178Z",
"dateReserved": "2026-04-15T20:40:15.517Z",
"dateUpdated": "2026-05-22T16:03:53.528Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-40923 (GCVE-0-2026-40923)
Vulnerability from nvd – Published: 2026-04-21 20:50 – Updated: 2026-05-22 15:41
VLAI
Title
Tekton Pipelines: VolumeMount path restriction bypass via missing filepath.Clean in /tekton/ check
Summary
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, a validation bypass in the VolumeMount path restriction allows mounting volumes under restricted /tekton/ internal paths by using .. path traversal components. The restriction check uses strings.HasPrefix without filepath.Clean, so a path like /tekton/home/../results passes validation but resolves to /tekton/results at runtime. Versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1 fix the issue.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/tektoncd/pipeline/security/adv… | x_refsource_CONFIRM |
| https://github.com/tektoncd/pipeline/releases/tag… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-40923",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-22T13:50:48.955785Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T13:51:13.268Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pipeline",
"vendor": "tektoncd",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c 1.0.2"
},
{
"status": "affected",
"version": "\u003e= 1.2.0, \u003c 1.3.4"
},
{
"status": "affected",
"version": "\u003e= 1.4.0, \u003c 1.6.2"
},
{
"status": "affected",
"version": "\u003e= 1.7.0, \u003c 1.9.3"
},
{
"status": "affected",
"version": "\u003e= 1.10.0, \u003c 1.11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, a validation bypass in the VolumeMount path restriction allows mounting volumes under restricted /tekton/ internal paths by using .. path traversal components. The restriction check uses strings.HasPrefix without filepath.Clean, so a path like /tekton/home/../results passes validation but resolves to /tekton/results at runtime. Versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1 fix the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-22T15:41:51.388Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-rx35-6rhx-7858",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-rx35-6rhx-7858"
},
{
"name": "https://github.com/tektoncd/pipeline/releases/tag/v1.11.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tektoncd/pipeline/releases/tag/v1.11.1"
}
],
"source": {
"advisory": "GHSA-rx35-6rhx-7858",
"discovery": "UNKNOWN"
},
"title": "Tekton Pipelines: VolumeMount path restriction bypass via missing filepath.Clean in /tekton/ check"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-40923",
"datePublished": "2026-04-21T20:50:53.742Z",
"dateReserved": "2026-04-15T20:40:15.517Z",
"dateUpdated": "2026-05-22T15:41:51.388Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-40161 (GCVE-0-2026-40161)
Vulnerability from nvd – Published: 2026-04-21 16:26 – Updated: 2026-05-21 21:20
VLAI
Title
Tekton Pipelines: Git resolver API mode leaks system-configured API token to user-controlled serverURL
Summary
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, the Tekton Pipelines git resolver in API mode sends the system-configured Git API token to a user-controlled serverURL when the user omits the token parameter. A tenant with TaskRun or PipelineRun create permission can exfiltrate the shared API token (GitHub PAT, GitLab token, etc.) by pointing serverURL to an attacker-controlled endpoint. Versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1 fix the issue.
Severity
7.7 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-201 - Insertion of Sensitive Information Into Sent Data
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/tektoncd/pipeline/security/adv… | x_refsource_CONFIRM |
| https://github.com/tektoncd/pipeline/issues/9608 | x_refsource_MISC |
| https://github.com/tektoncd/pipeline/issues/9609 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-40161",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-21T17:41:32.164689Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-21T17:41:38.895Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pipeline",
"vendor": "tektoncd",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c 1.0.2"
},
{
"status": "affected",
"version": "\u003e= 1.2.0, \u003c 1.3.4"
},
{
"status": "affected",
"version": "\u003e= 1.4.0, \u003c 1.6.2"
},
{
"status": "affected",
"version": "\u003e= 1.7.0, \u003c 1.9.3"
},
{
"status": "affected",
"version": "\u003e= 1.10.0, \u003c 1.11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, the Tekton Pipelines git resolver in API mode sends the system-configured Git API token to a user-controlled serverURL when the user omits the token parameter. A tenant with TaskRun or PipelineRun create permission can exfiltrate the shared API token (GitHub PAT, GitLab token, etc.) by pointing serverURL to an attacker-controlled endpoint. Versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1 fix the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-201",
"description": "CWE-201: Insertion of Sensitive Information Into Sent Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-21T21:20:13.227Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-wjxp-xrpv-xpff",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-wjxp-xrpv-xpff"
},
{
"name": "https://github.com/tektoncd/pipeline/issues/9608",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tektoncd/pipeline/issues/9608"
},
{
"name": "https://github.com/tektoncd/pipeline/issues/9609",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tektoncd/pipeline/issues/9609"
}
],
"source": {
"advisory": "GHSA-wjxp-xrpv-xpff",
"discovery": "UNKNOWN"
},
"title": "Tekton Pipelines: Git resolver API mode leaks system-configured API token to user-controlled serverURL"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-40161",
"datePublished": "2026-04-21T16:26:27.381Z",
"dateReserved": "2026-04-09T19:31:56.014Z",
"dateUpdated": "2026-05-21T21:20:13.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25542 (GCVE-0-2026-25542)
Vulnerability from nvd – Published: 2026-04-21 16:05 – Updated: 2026-05-22 16:06
VLAI
Title
Tekton Pipelines: VerificationPolicy regex pattern bypass via substring matching
Summary
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 0.43.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, trusted resources verification policies match a resource source string (refSource.URI) against spec.resources[].pattern using regexp.MatchString. In Go, regexp.MatchString reports a match if the pattern matches anywhere in the string, so common unanchored patterns (including examples in tekton documentation) can be bypassed by attacker-controlled source strings that contain the trusted pattern as a substring. This can cause an unintended policy match and change which verification mode/keys apply. Versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1 fix the issue.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-185 - Incorrect Regular Expression
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/tektoncd/pipeline/security/adv… | x_refsource_CONFIRM |
| https://github.com/tektoncd/pipeline/commit/b8905… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25542",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-21T16:48:04.873157Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-21T16:48:15.671Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pipeline",
"vendor": "tektoncd",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.43.0, \u003c 1.0.2"
},
{
"status": "affected",
"version": "\u003e= 1.2.0, \u003c 1.3.4"
},
{
"status": "affected",
"version": "\u003e= 1.4.0, \u003c 1.6.2"
},
{
"status": "affected",
"version": "\u003e= 1.7.0, \u003c 1.9.3"
},
{
"status": "affected",
"version": "\u003e= 1.10.0, \u003c 1.11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 0.43.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, trusted resources verification policies match a resource source string (refSource.URI) against spec.resources[].pattern using regexp.MatchString. In Go, regexp.MatchString reports a match if the pattern matches anywhere in the string, so common unanchored patterns (including examples in tekton documentation) can be bypassed by attacker-controlled source strings that contain the trusted pattern as a substring. This can cause an unintended policy match and change which verification mode/keys apply. Versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1 fix the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-185",
"description": "CWE-185: Incorrect Regular Expression",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-22T16:06:24.202Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-rmx9-2pp3-xhcr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-rmx9-2pp3-xhcr"
},
{
"name": "https://github.com/tektoncd/pipeline/commit/b8905600322aa86327baae0a7c04d6cf1207362a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tektoncd/pipeline/commit/b8905600322aa86327baae0a7c04d6cf1207362a"
}
],
"source": {
"advisory": "GHSA-rmx9-2pp3-xhcr",
"discovery": "UNKNOWN"
},
"title": "Tekton Pipelines: VerificationPolicy regex pattern bypass via substring matching"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-25542",
"datePublished": "2026-04-21T16:05:43.217Z",
"dateReserved": "2026-02-02T19:59:47.375Z",
"dateUpdated": "2026-05-22T16:06:24.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-33211 (GCVE-0-2026-33211)
Vulnerability from nvd – Published: 2026-03-23 23:55 – Updated: 2026-06-30 12:07
VLAI
Title
Tekton Pipelines git resolver has path traversal that allows reading arbitrary files from the resolver pod
Summary
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2, the Tekton Pipelines git resolver is vulnerable to path traversal via the `pathInRepo` parameter. A tenant with permission to create `ResolutionRequests` (e.g. by creating `TaskRuns` or `PipelineRuns` that use the git resolver) can read arbitrary files from the resolver pod's filesystem, including ServiceAccount tokens. The file contents are returned base64-encoded in `resolutionrequest.status.data`. Versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2 contain a patch.
Severity
9.6 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
21 references
Impacted products
11 products
| Vendor | Product | Version | |
|---|---|---|---|
| tektoncd | pipeline |
Affected:
>= 1.0.0, < 1.0.1
Affected: >= 1.1.0, < 1.3.3 Affected: >= 1.4.0, < 1.6.1 Affected: >= 1.7.0, < 1.9.2 Affected: >= 1.10.0, < 1.10.2 |
|
| Red Hat | Red Hat OpenShift Builds 1.6.5 |
cpe:/a:redhat:openshift_builds:1.6::el9 |
|
| Red Hat | Red Hat OpenShift Builds 1.7.3 |
cpe:/a:redhat:openshift_builds:1.7::el9 |
|
| Red Hat | Red Hat OpenShift Pipelines 1.21 |
cpe:/a:redhat:openshift_pipelines:1.21::el9 |
|
| Red Hat | Red Hat OpenShift Pipelines 1.2 |
cpe:/a:redhat:openshift_pipelines:1.20::el9 |
|
| Red Hat | Red Hat Trusted Artifact Signer 1.3 |
cpe:/a:redhat:trusted_artifact_signer:1.3::el9 |
|
| Red Hat | OpenShift Pipelines |
cpe:/a:redhat:openshift_pipelines:1 |
|
| Red Hat | OpenShift Serverless |
cpe:/a:redhat:serverless:1 |
|
| Red Hat | Builds for Red Hat OpenShift |
cpe:/a:redhat:openshift_builds:1 |
|
| Red Hat | Red Hat OpenShift AI (RHOAI) |
cpe:/a:redhat:openshift_ai |
|
| Red Hat | Red Hat OpenShift Virtualization 4 |
cpe:/a:redhat:container_native_virtualization:4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33211",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-24T15:40:21.314239Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-24T15:41:02.198Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:openshift_builds:1.6::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Builds 1.6.5",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_builds:1.7::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Builds 1.7.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_pipelines:1.21::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Pipelines 1.21",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_pipelines:1.20::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Pipelines 1.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:trusted_artifact_signer:1.3::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Trusted Artifact Signer 1.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_pipelines:1"
],
"defaultStatus": "affected",
"product": "OpenShift Pipelines",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:serverless:1"
],
"defaultStatus": "affected",
"product": "OpenShift Serverless",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_builds:1"
],
"defaultStatus": "unaffected",
"product": "Builds for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "unaffected",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "unaffected",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
}
],
"datePublic": "2026-03-23T23:55:54.089Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Tekton Pipelines, specifically in the Tekton Pipelines git resolver. A tenant with permissions to create ResolutionRequests can exploit a path traversal vulnerability via the `pathInRepo` parameter. This allows the tenant to read arbitrary files from the resolver pod\u0027s filesystem, leading to information disclosure, including sensitive ServiceAccount tokens. The contents of these files are returned in a base64-encoded format."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T12:07:37.319Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-33211"
},
{
"name": "RHBZ#2450554",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450554"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33211.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10155"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10158"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6170"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6166"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24484"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10066"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21932"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21931"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10026"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10125"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:10155: Red Hat OpenShift Builds 1.6.5"
},
{
"lang": "en",
"value": "RHSA-2026:10158: Red Hat OpenShift Builds 1.7.3"
},
{
"lang": "en",
"value": "RHSA-2026:6170: Red Hat OpenShift Pipelines 1.21"
},
{
"lang": "en",
"value": "RHSA-2026:6166: Red Hat OpenShift Pipelines 1.21"
},
{
"lang": "en",
"value": "RHSA-2026:24484: Red Hat OpenShift Pipelines 1.21"
},
{
"lang": "en",
"value": "RHSA-2026:10066: Red Hat OpenShift Pipelines 1.2"
},
{
"lang": "en",
"value": "RHSA-2026:21932: Red Hat OpenShift Pipelines 1.2"
},
{
"lang": "en",
"value": "RHSA-2026:21931: Red Hat OpenShift Pipelines 1.2"
},
{
"lang": "en",
"value": "RHSA-2026:10026: Red Hat OpenShift Pipelines 1.2"
},
{
"lang": "en",
"value": "RHSA-2026:10125: Red Hat Trusted Artifact Signer 1.3"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-24T00:02:20.093Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-03-23T23:55:54.089Z",
"value": "Made public."
}
],
"title": "Tekton Pipelines: github.com/tektoncd/pipeline: Tekton Pipelines: Information disclosure via path traversal in git resolver",
"workarounds": [
{
"lang": "en",
"value": "To mitigate this vulnerability, restrict the creation of ResolutionRequests to trusted users and service accounts. Implement strict Role-Based Access Control (RBAC) policies to limit which tenants can create TaskRuns or PipelineRuns that utilize the Tekton Pipelines git resolver. This reduces the exposure by preventing unauthorized access to the resolver pod\u0027s filesystem."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "pipeline",
"vendor": "tektoncd",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c 1.0.1"
},
{
"status": "affected",
"version": "\u003e= 1.1.0, \u003c 1.3.3"
},
{
"status": "affected",
"version": "\u003e= 1.4.0, \u003c 1.6.1"
},
{
"status": "affected",
"version": "\u003e= 1.7.0, \u003c 1.9.2"
},
{
"status": "affected",
"version": "\u003e= 1.10.0, \u003c 1.10.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2, the Tekton Pipelines git resolver is vulnerable to path traversal via the `pathInRepo` parameter. A tenant with permission to create `ResolutionRequests` (e.g. by creating `TaskRuns` or `PipelineRuns` that use the git resolver) can read arbitrary files from the resolver pod\u0027s filesystem, including ServiceAccount tokens. The file contents are returned base64-encoded in `resolutionrequest.status.data`. Versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2 contain a patch."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-23T23:55:54.089Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-j5q5-j9gm-2w5c",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-j5q5-j9gm-2w5c"
},
{
"name": "https://github.com/tektoncd/pipeline/commit/10fa538f9a2b6d01c75138f1ed7ba3da0e34687c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tektoncd/pipeline/commit/10fa538f9a2b6d01c75138f1ed7ba3da0e34687c"
},
{
"name": "https://github.com/tektoncd/pipeline/commit/318006c4e3a5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tektoncd/pipeline/commit/318006c4e3a5"
},
{
"name": "https://github.com/tektoncd/pipeline/commit/3ca7bc6e6dd1d97f80b84f78370d91edaf023cbd",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tektoncd/pipeline/commit/3ca7bc6e6dd1d97f80b84f78370d91edaf023cbd"
},
{
"name": "https://github.com/tektoncd/pipeline/commit/961388fcf3374bc7656d28ab58ca84987e0a75ae",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tektoncd/pipeline/commit/961388fcf3374bc7656d28ab58ca84987e0a75ae"
},
{
"name": "https://github.com/tektoncd/pipeline/commit/b1fee65b88aa969069c14c120045e97c37d9ee5e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tektoncd/pipeline/commit/b1fee65b88aa969069c14c120045e97c37d9ee5e"
},
{
"name": "https://github.com/tektoncd/pipeline/commit/cdb4e1e97a4f3170f9bc2cbfff83a6c8107bc3db",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tektoncd/pipeline/commit/cdb4e1e97a4f3170f9bc2cbfff83a6c8107bc3db"
},
{
"name": "https://github.com/tektoncd/pipeline/commit/ec7755031a183b345cf9e64bea0e0505c1b9cb78",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tektoncd/pipeline/commit/ec7755031a183b345cf9e64bea0e0505c1b9cb78"
}
],
"source": {
"advisory": "GHSA-j5q5-j9gm-2w5c",
"discovery": "UNKNOWN"
},
"title": "Tekton Pipelines git resolver has path traversal that allows reading arbitrary files from the resolver pod"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-33211",
"datePublished": "2026-03-23T23:55:54.089Z",
"dateReserved": "2026-03-17T23:23:58.313Z",
"dateUpdated": "2026-06-30T12:07:37.319Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-33022 (GCVE-0-2026-33022)
Vulnerability from nvd – Published: 2026-03-20 07:48 – Updated: 2026-03-20 18:07
VLAI
Title
Tekton Pipelines: Controller can panic when setting long resolver names in TaskRun/PipelineRun
Summary
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Versions 0.60.0 through 1.0.0, 1.1.0 through 1.3.2, 1.4.0 through 1.6.0, 1.7.0 through 1.9.0, 1.10.0, and 1.10.1 have a denial-of-service vulnerability in that allows any user who can create a TaskRun or PipelineRun to crash the controller cluster-wide by setting .spec.taskRef.resolver (or .spec.pipelineRef.resolver) to a string of 31+ characters. The crash occurs because GenerateDeterministicNameFromSpec produces a name exceeding the 63-character DNS-1123 label limit, and its truncation logic panics on a [-1] slice bound since the generated name contains no spaces. Once crashed, the controller enters a CrashLoopBackOff on restart (as it re-reconciles the offending resource), blocking all CI/CD reconciliation until the resource is manually deleted. Built-in resolvers (git, cluster, bundles, hub) are unaffected due to their short names, but any custom resolver name triggers the bug. The fix truncates the resolver-name prefix instead of the full string, preserving the hash suffix for determinism and uniqueness. This issue has been patched in versions 1.0.1, 1.3.3, 1.6.1, 1.9.2 and 1.10.2.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-129 - Improper Validation of Array Index
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/tektoncd/pipeline/security/adv… | x_refsource_CONFIRM |
| https://github.com/tektoncd/pipeline/commit/5eead… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33022",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-20T16:22:10.536063Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-20T18:07:35.331Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pipeline",
"vendor": "tektoncd",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.60.0, \u003c 1.0.1"
},
{
"status": "affected",
"version": "\u003e= 1.1.0, \u003c 1.3.3"
},
{
"status": "affected",
"version": "\u003e= 1.4.0, \u003c 1.6.1"
},
{
"status": "affected",
"version": "\u003e= 1.7.0, \u003c 1.9.2"
},
{
"status": "affected",
"version": "\u003e= 1.10.0, \u003c 1.10.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Versions 0.60.0 through 1.0.0, 1.1.0 through 1.3.2, 1.4.0 through 1.6.0, 1.7.0 through 1.9.0, 1.10.0, and 1.10.1 have a denial-of-service vulnerability in that allows any user who can create a TaskRun or PipelineRun to crash the controller cluster-wide by setting .spec.taskRef.resolver (or .spec.pipelineRef.resolver) to a string of 31+ characters. The crash occurs because GenerateDeterministicNameFromSpec produces a name exceeding the 63-character DNS-1123 label limit, and its truncation logic panics on a [-1] slice bound since the generated name contains no spaces. Once crashed, the controller enters a CrashLoopBackOff on restart (as it re-reconciles the offending resource), blocking all CI/CD reconciliation until the resource is manually deleted. Built-in resolvers (git, cluster, bundles, hub) are unaffected due to their short names, but any custom resolver name triggers the bug. The fix truncates the resolver-name prefix instead of the full string, preserving the hash suffix for determinism and uniqueness. This issue has been patched in versions 1.0.1, 1.3.3, 1.6.1, 1.9.2 and 1.10.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-129",
"description": "CWE-129: Improper Validation of Array Index",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-20T07:48:15.383Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-cv4x-93xx-wgfj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-cv4x-93xx-wgfj"
},
{
"name": "https://github.com/tektoncd/pipeline/commit/5eead3f859b9f938e86039e4d29185092c1d4ee6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tektoncd/pipeline/commit/5eead3f859b9f938e86039e4d29185092c1d4ee6"
}
],
"source": {
"advisory": "GHSA-cv4x-93xx-wgfj",
"discovery": "UNKNOWN"
},
"title": "Tekton Pipelines: Controller can panic when setting long resolver names in TaskRun/PipelineRun"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-33022",
"datePublished": "2026-03-20T07:48:15.383Z",
"dateReserved": "2026-03-17T17:22:14.667Z",
"dateUpdated": "2026-03-20T18:07:35.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-37264 (GCVE-0-2023-37264)
Vulnerability from nvd – Published: 2023-07-07 16:23 – Updated: 2024-11-04 20:23
VLAI
Title
Pipelines do not validate child UIDs
Summary
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 0.35.0, pipelines do not validate child UIDs, which means that a user that has access to create TaskRuns can create their own Tasks that the Pipelines controller will accept as the child Task. While the software stores and validates the PipelineRun's (api version, kind, name, uid) in the child Run's OwnerReference, it only store (api version, kind, name) in the ChildStatusReference. This means that if a client had access to create TaskRuns on a cluster, they could create a child TaskRun for a pipeline with the same name + owner reference, and the Pipeline controller picks it up as if it was the original TaskRun. This is problematic since it can let users modify the config of Pipelines at runtime, which violates SLSA L2 Service Generated / Non-falsifiable requirements. This issue can be used to trick the Pipeline controller into associating unrelated Runs to the Pipeline, feeding its data through the rest of the Pipeline. This requires access to create TaskRuns, so impact may vary depending on one Tekton setup. If users already have unrestricted access to create any Task/PipelineRun, this does not grant any additional capabilities. As of time of publication, there are no known patches for this issue.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-345 - Insufficient Verification of Data Authenticity
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/tektoncd/pipeline/security/adv… | x_refsource_CONFIRM |
| https://github.com/tektoncd/pipeline/blob/2d38f5f… | x_refsource_MISC |
| https://pkg.go.dev/github.com/tektoncd/pipeline/p… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:09:33.271Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-w2h3-vvvq-3m53",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-w2h3-vvvq-3m53"
},
{
"name": "https://github.com/tektoncd/pipeline/blob/2d38f5fa840291395178422d34b36b1bc739e2a2/pkg/reconciler/pipelinerun/pipelinerun.go#L1358-L1372",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tektoncd/pipeline/blob/2d38f5fa840291395178422d34b36b1bc739e2a2/pkg/reconciler/pipelinerun/pipelinerun.go#L1358-L1372"
},
{
"name": "https://pkg.go.dev/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1#ChildStatusReference",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pkg.go.dev/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1#ChildStatusReference"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:tektoncd:pipeline:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pipeline",
"vendor": "tektoncd",
"versions": [
{
"lessThanOrEqual": "0.49.0",
"status": "affected",
"version": "0.35.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37264",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-04T20:21:12.184314Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T20:23:21.819Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pipeline",
"vendor": "tektoncd",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.35.0, \u003c= 0.49.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 0.35.0, pipelines do not validate child UIDs, which means that a user that has access to create TaskRuns can create their own Tasks that the Pipelines controller will accept as the child Task. While the software stores and validates the PipelineRun\u0027s (api version, kind, name, uid) in the child Run\u0027s OwnerReference, it only store (api version, kind, name) in the ChildStatusReference. This means that if a client had access to create TaskRuns on a cluster, they could create a child TaskRun for a pipeline with the same name + owner reference, and the Pipeline controller picks it up as if it was the original TaskRun. This is problematic since it can let users modify the config of Pipelines at runtime, which violates SLSA L2 Service Generated / Non-falsifiable requirements. This issue can be used to trick the Pipeline controller into associating unrelated Runs to the Pipeline, feeding its data through the rest of the Pipeline. This requires access to create TaskRuns, so impact may vary depending on one Tekton setup. If users already have unrestricted access to create any Task/PipelineRun, this does not grant any additional capabilities. As of time of publication, there are no known patches for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "CWE-345: Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-07T18:30:38.979Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-w2h3-vvvq-3m53",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-w2h3-vvvq-3m53"
},
{
"name": "https://github.com/tektoncd/pipeline/blob/2d38f5fa840291395178422d34b36b1bc739e2a2/pkg/reconciler/pipelinerun/pipelinerun.go#L1358-L1372",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tektoncd/pipeline/blob/2d38f5fa840291395178422d34b36b1bc739e2a2/pkg/reconciler/pipelinerun/pipelinerun.go#L1358-L1372"
},
{
"name": "https://pkg.go.dev/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1#ChildStatusReference",
"tags": [
"x_refsource_MISC"
],
"url": "https://pkg.go.dev/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1#ChildStatusReference"
}
],
"source": {
"advisory": "GHSA-w2h3-vvvq-3m53",
"discovery": "UNKNOWN"
},
"title": "Pipelines do not validate child UIDs"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-37264",
"datePublished": "2023-07-07T16:23:09.866Z",
"dateReserved": "2023-06-29T19:35:26.438Z",
"dateUpdated": "2024-11-04T20:23:21.819Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-40923 (GCVE-0-2026-40923)
Vulnerability from cvelistv5 – Published: 2026-04-21 20:50 – Updated: 2026-05-22 15:41
VLAI
Title
Tekton Pipelines: VolumeMount path restriction bypass via missing filepath.Clean in /tekton/ check
Summary
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, a validation bypass in the VolumeMount path restriction allows mounting volumes under restricted /tekton/ internal paths by using .. path traversal components. The restriction check uses strings.HasPrefix without filepath.Clean, so a path like /tekton/home/../results passes validation but resolves to /tekton/results at runtime. Versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1 fix the issue.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/tektoncd/pipeline/security/adv… | x_refsource_CONFIRM |
| https://github.com/tektoncd/pipeline/releases/tag… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-40923",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-22T13:50:48.955785Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T13:51:13.268Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pipeline",
"vendor": "tektoncd",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c 1.0.2"
},
{
"status": "affected",
"version": "\u003e= 1.2.0, \u003c 1.3.4"
},
{
"status": "affected",
"version": "\u003e= 1.4.0, \u003c 1.6.2"
},
{
"status": "affected",
"version": "\u003e= 1.7.0, \u003c 1.9.3"
},
{
"status": "affected",
"version": "\u003e= 1.10.0, \u003c 1.11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, a validation bypass in the VolumeMount path restriction allows mounting volumes under restricted /tekton/ internal paths by using .. path traversal components. The restriction check uses strings.HasPrefix without filepath.Clean, so a path like /tekton/home/../results passes validation but resolves to /tekton/results at runtime. Versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1 fix the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-22T15:41:51.388Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-rx35-6rhx-7858",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-rx35-6rhx-7858"
},
{
"name": "https://github.com/tektoncd/pipeline/releases/tag/v1.11.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tektoncd/pipeline/releases/tag/v1.11.1"
}
],
"source": {
"advisory": "GHSA-rx35-6rhx-7858",
"discovery": "UNKNOWN"
},
"title": "Tekton Pipelines: VolumeMount path restriction bypass via missing filepath.Clean in /tekton/ check"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-40923",
"datePublished": "2026-04-21T20:50:53.742Z",
"dateReserved": "2026-04-15T20:40:15.517Z",
"dateUpdated": "2026-05-22T15:41:51.388Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-40924 (GCVE-0-2026-40924)
Vulnerability from cvelistv5 – Published: 2026-04-21 20:47 – Updated: 2026-05-22 16:03
VLAI
Title
Tekton Pipelines: HTTP Resolver Unbounded Response Body Read Enables Denial of Service via Memory Exhaustion
Summary
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, the HTTP resolver's FetchHttpResource function calls io.ReadAll(resp.Body) with no response body size limit. Any tenant with permission to create TaskRuns or PipelineRuns that reference the HTTP resolver can point it at an attacker-controlled HTTP server that returns a very large response body within the 1-minute timeout window, causing the tekton-pipelines-resolvers pod to be OOM-killed by Kubernetes. Because all resolver types (Git, Hub, Bundle, Cluster, HTTP) run in the same pod, crashing this pod denies resolution service to the entire cluster. Repeated exploitation causes a sustained crash loop. The same vulnerable code path is reached by both the deprecated pkg/resolution/resolver/http and the current pkg/remoteresolution/resolver/http implementations. Versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1 fix the issue.
Severity
6.5 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/tektoncd/pipeline/security/adv… | x_refsource_CONFIRM |
| https://github.com/tektoncd/pipeline/releases/tag… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-40924",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-22T13:21:18.942819Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T13:21:28.680Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-m2cx-gpqf-qf74"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pipeline",
"vendor": "tektoncd",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c 1.0.2"
},
{
"status": "affected",
"version": "\u003e= 1.2.0, \u003c 1.3.4"
},
{
"status": "affected",
"version": "\u003e= 1.4.0, \u003c 1.6.2"
},
{
"status": "affected",
"version": "\u003e= 1.7.0, \u003c 1.9.3"
},
{
"status": "affected",
"version": "\u003e= 1.10.0, \u003c 1.11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, the HTTP resolver\u0027s FetchHttpResource function calls io.ReadAll(resp.Body) with no response body size limit. Any tenant with permission to create TaskRuns or PipelineRuns that reference the HTTP resolver can point it at an attacker-controlled HTTP server that returns a very large response body within the 1-minute timeout window, causing the tekton-pipelines-resolvers pod to be OOM-killed by Kubernetes. Because all resolver types (Git, Hub, Bundle, Cluster, HTTP) run in the same pod, crashing this pod denies resolution service to the entire cluster. Repeated exploitation causes a sustained crash loop. The same vulnerable code path is reached by both the deprecated pkg/resolution/resolver/http and the current pkg/remoteresolution/resolver/http implementations. Versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1 fix the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-22T16:03:53.528Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-m2cx-gpqf-qf74",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-m2cx-gpqf-qf74"
},
{
"name": "https://github.com/tektoncd/pipeline/releases/tag/v1.11.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tektoncd/pipeline/releases/tag/v1.11.1"
}
],
"source": {
"advisory": "GHSA-m2cx-gpqf-qf74",
"discovery": "UNKNOWN"
},
"title": "Tekton Pipelines: HTTP Resolver Unbounded Response Body Read Enables Denial of Service via Memory Exhaustion"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-40924",
"datePublished": "2026-04-21T20:47:47.178Z",
"dateReserved": "2026-04-15T20:40:15.517Z",
"dateUpdated": "2026-05-22T16:03:53.528Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-40938 (GCVE-0-2026-40938)
Vulnerability from cvelistv5 – Published: 2026-04-21 20:45 – Updated: 2026-06-30 12:05
VLAI
Title
Tekton Pipelines: Git Resolver Unsanitized Revision Parameter Enables git Argument Injection Leading to RCE
Summary
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, the git resolver's revision parameter is passed directly as a positional argument to git fetch without any validation that it does not begin with a - character. Because git parses flags from mixed positional arguments, an attacker can inject arbitrary git fetch flags such as --upload-pack=<binary>. Combined with the validateRepoURL function explicitly permitting URLs that begin with / (local filesystem paths), a tenant who can submit ResolutionRequest objects can chain these two behaviors to execute an arbitrary binary on the resolver pod. The tekton-pipelines-resolvers ServiceAccount holds cluster-wide get/list/watch on all Secrets, so code execution on the resolver pod enables full cluster-wide secret exfiltration. Versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1 fix the issue.
Severity
7.5 (High)
8.5 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Assigner
References
10 references
| URL | Tags |
|---|---|
| https://github.com/tektoncd/pipeline/security/adv… | x_refsource_CONFIRM |
| https://github.com/tektoncd/pipeline/releases/tag… | x_refsource_MISC |
| https://access.redhat.com/security/cve/CVE-2026-40938 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2460292 | issue-trackingx_refsource_REDHAT |
| https://security.access.redhat.com/data/csaf/v2/v… | x_sadp-csaf-vex |
| https://access.redhat.com/errata/RHSA-2026:24359 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:17546 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:26538 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:26519 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:24484 | vendor-advisoryx_refsource_REDHAT |
Impacted products
10 products
| Vendor | Product | Version | |
|---|---|---|---|
| tektoncd | pipeline |
Affected:
>= 1.0.0, < 1.0.2
Affected: >= 1.2.0, < 1.3.4 Affected: >= 1.4.0, < 1.6.2 Affected: >= 1.7.0, < 1.9.3 Affected: >= 1.10.0, < 1.11.1 |
|
| Red Hat | Red Hat OpenShift Builds 1.7.3 |
cpe:/a:redhat:openshift_builds:1.7::el9 |
|
| Red Hat | Red Hat OpenShift Builds 1.8.0 |
cpe:/a:redhat:openshift_builds:1.8::el9 |
|
| Red Hat | Red Hat OpenShift Pipelines 1.21 |
cpe:/a:redhat:openshift_pipelines:1.21::el9 |
|
| Red Hat | OpenShift Pipelines |
cpe:/a:redhat:openshift_pipelines:1 |
|
| Red Hat | OpenShift Lightspeed |
cpe:/a:redhat:openshift_lightspeed |
|
| Red Hat | OpenShift Serverless |
cpe:/a:redhat:serverless:1 |
|
| Red Hat | Red Hat OpenShift AI (RHOAI) |
cpe:/a:redhat:openshift_ai |
|
| Red Hat | Red Hat OpenShift Virtualization 4 |
cpe:/a:redhat:container_native_virtualization:4 |
|
| Red Hat | Red Hat Trusted Artifact Signer |
cpe:/a:redhat:trusted_artifact_signer:1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-40938",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-22T18:31:54.871943Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T18:36:16.790Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-94jr-7pqp-xhcq"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:openshift_builds:1.7::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Builds 1.7.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_builds:1.8::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Builds 1.8.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_pipelines:1.21::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Pipelines 1.21",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_pipelines:1"
],
"defaultStatus": "affected",
"product": "OpenShift Pipelines",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_lightspeed"
],
"defaultStatus": "unaffected",
"product": "OpenShift Lightspeed",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:serverless:1"
],
"defaultStatus": "unaffected",
"product": "OpenShift Serverless",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "unaffected",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "unaffected",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:trusted_artifact_signer:1"
],
"defaultStatus": "unaffected",
"product": "Red Hat Trusted Artifact Signer",
"vendor": "Red Hat"
}
],
"datePublic": "2026-04-21T20:45:24.658Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Tekton Pipelines, a system for declaring continuous integration/continuous delivery (CI/CD) pipelines. An authenticated user, able to submit `ResolutionRequest` objects, can exploit a vulnerability by injecting malicious commands into the git resolver\u0027s revision parameter. This allows for the execution of unauthorized programs on the resolver pod. Successful exploitation can lead to the exfiltration of all cluster-wide secrets, resulting in significant information disclosure."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T12:05:58.492Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-40938"
},
{
"name": "RHBZ#2460292",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460292"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-40938.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24359"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17546"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26538"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26519"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24484"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:24359: Red Hat OpenShift Builds 1.7.3"
},
{
"lang": "en",
"value": "RHSA-2026:17546: Red Hat OpenShift Builds 1.8.0"
},
{
"lang": "en",
"value": "RHSA-2026:26538: Red Hat OpenShift Pipelines 1.21"
},
{
"lang": "en",
"value": "RHSA-2026:26519: Red Hat OpenShift Pipelines 1.21"
},
{
"lang": "en",
"value": "RHSA-2026:24484: Red Hat OpenShift Pipelines 1.21"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-21T21:02:16.557Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-04-21T20:45:24.658Z",
"value": "Made public."
}
],
"title": "github.com/tektoncd/pipeline: Tekton Pipelines: Arbitrary code execution and secret exfiltration via malicious git commands",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "pipeline",
"vendor": "tektoncd",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c 1.0.2"
},
{
"status": "affected",
"version": "\u003e= 1.2.0, \u003c 1.3.4"
},
{
"status": "affected",
"version": "\u003e= 1.4.0, \u003c 1.6.2"
},
{
"status": "affected",
"version": "\u003e= 1.7.0, \u003c 1.9.3"
},
{
"status": "affected",
"version": "\u003e= 1.10.0, \u003c 1.11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, the git resolver\u0027s revision parameter is passed directly as a positional argument to git fetch without any validation that it does not begin with a - character. Because git parses flags from mixed positional arguments, an attacker can inject arbitrary git fetch flags such as --upload-pack=\u003cbinary\u003e. Combined with the validateRepoURL function explicitly permitting URLs that begin with / (local filesystem paths), a tenant who can submit ResolutionRequest objects can chain these two behaviors to execute an arbitrary binary on the resolver pod. The tekton-pipelines-resolvers ServiceAccount holds cluster-wide get/list/watch on all Secrets, so code execution on the resolver pod enables full cluster-wide secret exfiltration. Versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1 fix the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88: Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-21T22:40:09.754Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-94jr-7pqp-xhcq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-94jr-7pqp-xhcq"
},
{
"name": "https://github.com/tektoncd/pipeline/releases/tag/v1.11.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tektoncd/pipeline/releases/tag/v1.11.1"
}
],
"source": {
"advisory": "GHSA-94jr-7pqp-xhcq",
"discovery": "UNKNOWN"
},
"title": "Tekton Pipelines: Git Resolver Unsanitized Revision Parameter Enables git Argument Injection Leading to RCE"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-40938",
"datePublished": "2026-04-21T20:45:24.658Z",
"dateReserved": "2026-04-15T20:40:15.518Z",
"dateUpdated": "2026-06-30T12:05:58.492Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-40161 (GCVE-0-2026-40161)
Vulnerability from cvelistv5 – Published: 2026-04-21 16:26 – Updated: 2026-05-21 21:20
VLAI
Title
Tekton Pipelines: Git resolver API mode leaks system-configured API token to user-controlled serverURL
Summary
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, the Tekton Pipelines git resolver in API mode sends the system-configured Git API token to a user-controlled serverURL when the user omits the token parameter. A tenant with TaskRun or PipelineRun create permission can exfiltrate the shared API token (GitHub PAT, GitLab token, etc.) by pointing serverURL to an attacker-controlled endpoint. Versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1 fix the issue.
Severity
7.7 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-201 - Insertion of Sensitive Information Into Sent Data
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/tektoncd/pipeline/security/adv… | x_refsource_CONFIRM |
| https://github.com/tektoncd/pipeline/issues/9608 | x_refsource_MISC |
| https://github.com/tektoncd/pipeline/issues/9609 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-40161",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-21T17:41:32.164689Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-21T17:41:38.895Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pipeline",
"vendor": "tektoncd",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c 1.0.2"
},
{
"status": "affected",
"version": "\u003e= 1.2.0, \u003c 1.3.4"
},
{
"status": "affected",
"version": "\u003e= 1.4.0, \u003c 1.6.2"
},
{
"status": "affected",
"version": "\u003e= 1.7.0, \u003c 1.9.3"
},
{
"status": "affected",
"version": "\u003e= 1.10.0, \u003c 1.11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, the Tekton Pipelines git resolver in API mode sends the system-configured Git API token to a user-controlled serverURL when the user omits the token parameter. A tenant with TaskRun or PipelineRun create permission can exfiltrate the shared API token (GitHub PAT, GitLab token, etc.) by pointing serverURL to an attacker-controlled endpoint. Versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1 fix the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-201",
"description": "CWE-201: Insertion of Sensitive Information Into Sent Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-21T21:20:13.227Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-wjxp-xrpv-xpff",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-wjxp-xrpv-xpff"
},
{
"name": "https://github.com/tektoncd/pipeline/issues/9608",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tektoncd/pipeline/issues/9608"
},
{
"name": "https://github.com/tektoncd/pipeline/issues/9609",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tektoncd/pipeline/issues/9609"
}
],
"source": {
"advisory": "GHSA-wjxp-xrpv-xpff",
"discovery": "UNKNOWN"
},
"title": "Tekton Pipelines: Git resolver API mode leaks system-configured API token to user-controlled serverURL"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-40161",
"datePublished": "2026-04-21T16:26:27.381Z",
"dateReserved": "2026-04-09T19:31:56.014Z",
"dateUpdated": "2026-05-21T21:20:13.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25542 (GCVE-0-2026-25542)
Vulnerability from cvelistv5 – Published: 2026-04-21 16:05 – Updated: 2026-05-22 16:06
VLAI
Title
Tekton Pipelines: VerificationPolicy regex pattern bypass via substring matching
Summary
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 0.43.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, trusted resources verification policies match a resource source string (refSource.URI) against spec.resources[].pattern using regexp.MatchString. In Go, regexp.MatchString reports a match if the pattern matches anywhere in the string, so common unanchored patterns (including examples in tekton documentation) can be bypassed by attacker-controlled source strings that contain the trusted pattern as a substring. This can cause an unintended policy match and change which verification mode/keys apply. Versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1 fix the issue.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-185 - Incorrect Regular Expression
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/tektoncd/pipeline/security/adv… | x_refsource_CONFIRM |
| https://github.com/tektoncd/pipeline/commit/b8905… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25542",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-21T16:48:04.873157Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-21T16:48:15.671Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pipeline",
"vendor": "tektoncd",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.43.0, \u003c 1.0.2"
},
{
"status": "affected",
"version": "\u003e= 1.2.0, \u003c 1.3.4"
},
{
"status": "affected",
"version": "\u003e= 1.4.0, \u003c 1.6.2"
},
{
"status": "affected",
"version": "\u003e= 1.7.0, \u003c 1.9.3"
},
{
"status": "affected",
"version": "\u003e= 1.10.0, \u003c 1.11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 0.43.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, trusted resources verification policies match a resource source string (refSource.URI) against spec.resources[].pattern using regexp.MatchString. In Go, regexp.MatchString reports a match if the pattern matches anywhere in the string, so common unanchored patterns (including examples in tekton documentation) can be bypassed by attacker-controlled source strings that contain the trusted pattern as a substring. This can cause an unintended policy match and change which verification mode/keys apply. Versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1 fix the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-185",
"description": "CWE-185: Incorrect Regular Expression",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-22T16:06:24.202Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-rmx9-2pp3-xhcr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-rmx9-2pp3-xhcr"
},
{
"name": "https://github.com/tektoncd/pipeline/commit/b8905600322aa86327baae0a7c04d6cf1207362a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tektoncd/pipeline/commit/b8905600322aa86327baae0a7c04d6cf1207362a"
}
],
"source": {
"advisory": "GHSA-rmx9-2pp3-xhcr",
"discovery": "UNKNOWN"
},
"title": "Tekton Pipelines: VerificationPolicy regex pattern bypass via substring matching"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-25542",
"datePublished": "2026-04-21T16:05:43.217Z",
"dateReserved": "2026-02-02T19:59:47.375Z",
"dateUpdated": "2026-05-22T16:06:24.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-33211 (GCVE-0-2026-33211)
Vulnerability from cvelistv5 – Published: 2026-03-23 23:55 – Updated: 2026-06-30 12:07
VLAI
Title
Tekton Pipelines git resolver has path traversal that allows reading arbitrary files from the resolver pod
Summary
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2, the Tekton Pipelines git resolver is vulnerable to path traversal via the `pathInRepo` parameter. A tenant with permission to create `ResolutionRequests` (e.g. by creating `TaskRuns` or `PipelineRuns` that use the git resolver) can read arbitrary files from the resolver pod's filesystem, including ServiceAccount tokens. The file contents are returned base64-encoded in `resolutionrequest.status.data`. Versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2 contain a patch.
Severity
9.6 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
21 references
Impacted products
11 products
| Vendor | Product | Version | |
|---|---|---|---|
| tektoncd | pipeline |
Affected:
>= 1.0.0, < 1.0.1
Affected: >= 1.1.0, < 1.3.3 Affected: >= 1.4.0, < 1.6.1 Affected: >= 1.7.0, < 1.9.2 Affected: >= 1.10.0, < 1.10.2 |
|
| Red Hat | Red Hat OpenShift Builds 1.6.5 |
cpe:/a:redhat:openshift_builds:1.6::el9 |
|
| Red Hat | Red Hat OpenShift Builds 1.7.3 |
cpe:/a:redhat:openshift_builds:1.7::el9 |
|
| Red Hat | Red Hat OpenShift Pipelines 1.21 |
cpe:/a:redhat:openshift_pipelines:1.21::el9 |
|
| Red Hat | Red Hat OpenShift Pipelines 1.2 |
cpe:/a:redhat:openshift_pipelines:1.20::el9 |
|
| Red Hat | Red Hat Trusted Artifact Signer 1.3 |
cpe:/a:redhat:trusted_artifact_signer:1.3::el9 |
|
| Red Hat | OpenShift Pipelines |
cpe:/a:redhat:openshift_pipelines:1 |
|
| Red Hat | OpenShift Serverless |
cpe:/a:redhat:serverless:1 |
|
| Red Hat | Builds for Red Hat OpenShift |
cpe:/a:redhat:openshift_builds:1 |
|
| Red Hat | Red Hat OpenShift AI (RHOAI) |
cpe:/a:redhat:openshift_ai |
|
| Red Hat | Red Hat OpenShift Virtualization 4 |
cpe:/a:redhat:container_native_virtualization:4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33211",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-24T15:40:21.314239Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-24T15:41:02.198Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:openshift_builds:1.6::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Builds 1.6.5",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_builds:1.7::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Builds 1.7.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_pipelines:1.21::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Pipelines 1.21",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_pipelines:1.20::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Pipelines 1.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:trusted_artifact_signer:1.3::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Trusted Artifact Signer 1.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_pipelines:1"
],
"defaultStatus": "affected",
"product": "OpenShift Pipelines",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:serverless:1"
],
"defaultStatus": "affected",
"product": "OpenShift Serverless",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_builds:1"
],
"defaultStatus": "unaffected",
"product": "Builds for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "unaffected",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "unaffected",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
}
],
"datePublic": "2026-03-23T23:55:54.089Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Tekton Pipelines, specifically in the Tekton Pipelines git resolver. A tenant with permissions to create ResolutionRequests can exploit a path traversal vulnerability via the `pathInRepo` parameter. This allows the tenant to read arbitrary files from the resolver pod\u0027s filesystem, leading to information disclosure, including sensitive ServiceAccount tokens. The contents of these files are returned in a base64-encoded format."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T12:07:37.319Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-33211"
},
{
"name": "RHBZ#2450554",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450554"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33211.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10155"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10158"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6170"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6166"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24484"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10066"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21932"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21931"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10026"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10125"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:10155: Red Hat OpenShift Builds 1.6.5"
},
{
"lang": "en",
"value": "RHSA-2026:10158: Red Hat OpenShift Builds 1.7.3"
},
{
"lang": "en",
"value": "RHSA-2026:6170: Red Hat OpenShift Pipelines 1.21"
},
{
"lang": "en",
"value": "RHSA-2026:6166: Red Hat OpenShift Pipelines 1.21"
},
{
"lang": "en",
"value": "RHSA-2026:24484: Red Hat OpenShift Pipelines 1.21"
},
{
"lang": "en",
"value": "RHSA-2026:10066: Red Hat OpenShift Pipelines 1.2"
},
{
"lang": "en",
"value": "RHSA-2026:21932: Red Hat OpenShift Pipelines 1.2"
},
{
"lang": "en",
"value": "RHSA-2026:21931: Red Hat OpenShift Pipelines 1.2"
},
{
"lang": "en",
"value": "RHSA-2026:10026: Red Hat OpenShift Pipelines 1.2"
},
{
"lang": "en",
"value": "RHSA-2026:10125: Red Hat Trusted Artifact Signer 1.3"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-24T00:02:20.093Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-03-23T23:55:54.089Z",
"value": "Made public."
}
],
"title": "Tekton Pipelines: github.com/tektoncd/pipeline: Tekton Pipelines: Information disclosure via path traversal in git resolver",
"workarounds": [
{
"lang": "en",
"value": "To mitigate this vulnerability, restrict the creation of ResolutionRequests to trusted users and service accounts. Implement strict Role-Based Access Control (RBAC) policies to limit which tenants can create TaskRuns or PipelineRuns that utilize the Tekton Pipelines git resolver. This reduces the exposure by preventing unauthorized access to the resolver pod\u0027s filesystem."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "pipeline",
"vendor": "tektoncd",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c 1.0.1"
},
{
"status": "affected",
"version": "\u003e= 1.1.0, \u003c 1.3.3"
},
{
"status": "affected",
"version": "\u003e= 1.4.0, \u003c 1.6.1"
},
{
"status": "affected",
"version": "\u003e= 1.7.0, \u003c 1.9.2"
},
{
"status": "affected",
"version": "\u003e= 1.10.0, \u003c 1.10.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2, the Tekton Pipelines git resolver is vulnerable to path traversal via the `pathInRepo` parameter. A tenant with permission to create `ResolutionRequests` (e.g. by creating `TaskRuns` or `PipelineRuns` that use the git resolver) can read arbitrary files from the resolver pod\u0027s filesystem, including ServiceAccount tokens. The file contents are returned base64-encoded in `resolutionrequest.status.data`. Versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2 contain a patch."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-23T23:55:54.089Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-j5q5-j9gm-2w5c",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-j5q5-j9gm-2w5c"
},
{
"name": "https://github.com/tektoncd/pipeline/commit/10fa538f9a2b6d01c75138f1ed7ba3da0e34687c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tektoncd/pipeline/commit/10fa538f9a2b6d01c75138f1ed7ba3da0e34687c"
},
{
"name": "https://github.com/tektoncd/pipeline/commit/318006c4e3a5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tektoncd/pipeline/commit/318006c4e3a5"
},
{
"name": "https://github.com/tektoncd/pipeline/commit/3ca7bc6e6dd1d97f80b84f78370d91edaf023cbd",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tektoncd/pipeline/commit/3ca7bc6e6dd1d97f80b84f78370d91edaf023cbd"
},
{
"name": "https://github.com/tektoncd/pipeline/commit/961388fcf3374bc7656d28ab58ca84987e0a75ae",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tektoncd/pipeline/commit/961388fcf3374bc7656d28ab58ca84987e0a75ae"
},
{
"name": "https://github.com/tektoncd/pipeline/commit/b1fee65b88aa969069c14c120045e97c37d9ee5e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tektoncd/pipeline/commit/b1fee65b88aa969069c14c120045e97c37d9ee5e"
},
{
"name": "https://github.com/tektoncd/pipeline/commit/cdb4e1e97a4f3170f9bc2cbfff83a6c8107bc3db",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tektoncd/pipeline/commit/cdb4e1e97a4f3170f9bc2cbfff83a6c8107bc3db"
},
{
"name": "https://github.com/tektoncd/pipeline/commit/ec7755031a183b345cf9e64bea0e0505c1b9cb78",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tektoncd/pipeline/commit/ec7755031a183b345cf9e64bea0e0505c1b9cb78"
}
],
"source": {
"advisory": "GHSA-j5q5-j9gm-2w5c",
"discovery": "UNKNOWN"
},
"title": "Tekton Pipelines git resolver has path traversal that allows reading arbitrary files from the resolver pod"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-33211",
"datePublished": "2026-03-23T23:55:54.089Z",
"dateReserved": "2026-03-17T23:23:58.313Z",
"dateUpdated": "2026-06-30T12:07:37.319Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-33022 (GCVE-0-2026-33022)
Vulnerability from cvelistv5 – Published: 2026-03-20 07:48 – Updated: 2026-03-20 18:07
VLAI
Title
Tekton Pipelines: Controller can panic when setting long resolver names in TaskRun/PipelineRun
Summary
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Versions 0.60.0 through 1.0.0, 1.1.0 through 1.3.2, 1.4.0 through 1.6.0, 1.7.0 through 1.9.0, 1.10.0, and 1.10.1 have a denial-of-service vulnerability in that allows any user who can create a TaskRun or PipelineRun to crash the controller cluster-wide by setting .spec.taskRef.resolver (or .spec.pipelineRef.resolver) to a string of 31+ characters. The crash occurs because GenerateDeterministicNameFromSpec produces a name exceeding the 63-character DNS-1123 label limit, and its truncation logic panics on a [-1] slice bound since the generated name contains no spaces. Once crashed, the controller enters a CrashLoopBackOff on restart (as it re-reconciles the offending resource), blocking all CI/CD reconciliation until the resource is manually deleted. Built-in resolvers (git, cluster, bundles, hub) are unaffected due to their short names, but any custom resolver name triggers the bug. The fix truncates the resolver-name prefix instead of the full string, preserving the hash suffix for determinism and uniqueness. This issue has been patched in versions 1.0.1, 1.3.3, 1.6.1, 1.9.2 and 1.10.2.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-129 - Improper Validation of Array Index
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/tektoncd/pipeline/security/adv… | x_refsource_CONFIRM |
| https://github.com/tektoncd/pipeline/commit/5eead… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33022",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-20T16:22:10.536063Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-20T18:07:35.331Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pipeline",
"vendor": "tektoncd",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.60.0, \u003c 1.0.1"
},
{
"status": "affected",
"version": "\u003e= 1.1.0, \u003c 1.3.3"
},
{
"status": "affected",
"version": "\u003e= 1.4.0, \u003c 1.6.1"
},
{
"status": "affected",
"version": "\u003e= 1.7.0, \u003c 1.9.2"
},
{
"status": "affected",
"version": "\u003e= 1.10.0, \u003c 1.10.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Versions 0.60.0 through 1.0.0, 1.1.0 through 1.3.2, 1.4.0 through 1.6.0, 1.7.0 through 1.9.0, 1.10.0, and 1.10.1 have a denial-of-service vulnerability in that allows any user who can create a TaskRun or PipelineRun to crash the controller cluster-wide by setting .spec.taskRef.resolver (or .spec.pipelineRef.resolver) to a string of 31+ characters. The crash occurs because GenerateDeterministicNameFromSpec produces a name exceeding the 63-character DNS-1123 label limit, and its truncation logic panics on a [-1] slice bound since the generated name contains no spaces. Once crashed, the controller enters a CrashLoopBackOff on restart (as it re-reconciles the offending resource), blocking all CI/CD reconciliation until the resource is manually deleted. Built-in resolvers (git, cluster, bundles, hub) are unaffected due to their short names, but any custom resolver name triggers the bug. The fix truncates the resolver-name prefix instead of the full string, preserving the hash suffix for determinism and uniqueness. This issue has been patched in versions 1.0.1, 1.3.3, 1.6.1, 1.9.2 and 1.10.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-129",
"description": "CWE-129: Improper Validation of Array Index",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-20T07:48:15.383Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-cv4x-93xx-wgfj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-cv4x-93xx-wgfj"
},
{
"name": "https://github.com/tektoncd/pipeline/commit/5eead3f859b9f938e86039e4d29185092c1d4ee6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tektoncd/pipeline/commit/5eead3f859b9f938e86039e4d29185092c1d4ee6"
}
],
"source": {
"advisory": "GHSA-cv4x-93xx-wgfj",
"discovery": "UNKNOWN"
},
"title": "Tekton Pipelines: Controller can panic when setting long resolver names in TaskRun/PipelineRun"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-33022",
"datePublished": "2026-03-20T07:48:15.383Z",
"dateReserved": "2026-03-17T17:22:14.667Z",
"dateUpdated": "2026-03-20T18:07:35.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-37264 (GCVE-0-2023-37264)
Vulnerability from cvelistv5 – Published: 2023-07-07 16:23 – Updated: 2024-11-04 20:23
VLAI
Title
Pipelines do not validate child UIDs
Summary
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 0.35.0, pipelines do not validate child UIDs, which means that a user that has access to create TaskRuns can create their own Tasks that the Pipelines controller will accept as the child Task. While the software stores and validates the PipelineRun's (api version, kind, name, uid) in the child Run's OwnerReference, it only store (api version, kind, name) in the ChildStatusReference. This means that if a client had access to create TaskRuns on a cluster, they could create a child TaskRun for a pipeline with the same name + owner reference, and the Pipeline controller picks it up as if it was the original TaskRun. This is problematic since it can let users modify the config of Pipelines at runtime, which violates SLSA L2 Service Generated / Non-falsifiable requirements. This issue can be used to trick the Pipeline controller into associating unrelated Runs to the Pipeline, feeding its data through the rest of the Pipeline. This requires access to create TaskRuns, so impact may vary depending on one Tekton setup. If users already have unrestricted access to create any Task/PipelineRun, this does not grant any additional capabilities. As of time of publication, there are no known patches for this issue.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-345 - Insufficient Verification of Data Authenticity
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/tektoncd/pipeline/security/adv… | x_refsource_CONFIRM |
| https://github.com/tektoncd/pipeline/blob/2d38f5f… | x_refsource_MISC |
| https://pkg.go.dev/github.com/tektoncd/pipeline/p… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:09:33.271Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-w2h3-vvvq-3m53",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-w2h3-vvvq-3m53"
},
{
"name": "https://github.com/tektoncd/pipeline/blob/2d38f5fa840291395178422d34b36b1bc739e2a2/pkg/reconciler/pipelinerun/pipelinerun.go#L1358-L1372",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tektoncd/pipeline/blob/2d38f5fa840291395178422d34b36b1bc739e2a2/pkg/reconciler/pipelinerun/pipelinerun.go#L1358-L1372"
},
{
"name": "https://pkg.go.dev/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1#ChildStatusReference",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pkg.go.dev/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1#ChildStatusReference"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:tektoncd:pipeline:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pipeline",
"vendor": "tektoncd",
"versions": [
{
"lessThanOrEqual": "0.49.0",
"status": "affected",
"version": "0.35.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37264",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-04T20:21:12.184314Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T20:23:21.819Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pipeline",
"vendor": "tektoncd",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.35.0, \u003c= 0.49.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 0.35.0, pipelines do not validate child UIDs, which means that a user that has access to create TaskRuns can create their own Tasks that the Pipelines controller will accept as the child Task. While the software stores and validates the PipelineRun\u0027s (api version, kind, name, uid) in the child Run\u0027s OwnerReference, it only store (api version, kind, name) in the ChildStatusReference. This means that if a client had access to create TaskRuns on a cluster, they could create a child TaskRun for a pipeline with the same name + owner reference, and the Pipeline controller picks it up as if it was the original TaskRun. This is problematic since it can let users modify the config of Pipelines at runtime, which violates SLSA L2 Service Generated / Non-falsifiable requirements. This issue can be used to trick the Pipeline controller into associating unrelated Runs to the Pipeline, feeding its data through the rest of the Pipeline. This requires access to create TaskRuns, so impact may vary depending on one Tekton setup. If users already have unrestricted access to create any Task/PipelineRun, this does not grant any additional capabilities. As of time of publication, there are no known patches for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "CWE-345: Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-07T18:30:38.979Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-w2h3-vvvq-3m53",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-w2h3-vvvq-3m53"
},
{
"name": "https://github.com/tektoncd/pipeline/blob/2d38f5fa840291395178422d34b36b1bc739e2a2/pkg/reconciler/pipelinerun/pipelinerun.go#L1358-L1372",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tektoncd/pipeline/blob/2d38f5fa840291395178422d34b36b1bc739e2a2/pkg/reconciler/pipelinerun/pipelinerun.go#L1358-L1372"
},
{
"name": "https://pkg.go.dev/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1#ChildStatusReference",
"tags": [
"x_refsource_MISC"
],
"url": "https://pkg.go.dev/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1#ChildStatusReference"
}
],
"source": {
"advisory": "GHSA-w2h3-vvvq-3m53",
"discovery": "UNKNOWN"
},
"title": "Pipelines do not validate child UIDs"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-37264",
"datePublished": "2023-07-07T16:23:09.866Z",
"dateReserved": "2023-06-29T19:35:26.438Z",
"dateUpdated": "2024-11-04T20:23:21.819Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}