GHSA-C73Q-8XXR-RGQM

Vulnerability from github – Published: 2026-06-19 13:58 – Updated: 2026-06-19 13:58
VLAI
Summary
Tilt: Missing authentication on the network-exposed Tilt HUD server
Details

Summary

The Tilt HUD HTTP server exposes state-changing and sensitive-read endpoints with no authentication. When the HUD is bound to a non-loopback address, a network attacker can trigger the developer's pre-defined Tiltfile resources, tamper with Tiltfile arguments, read full engine state including the session token, and reach the Tilt apiserver through a token-attaching proxy.

Details

The HUD server registers its handlers on a gorilla/mux router with no authenticating middleware. The cookieWrapper helper emits the Tilt-Token cookie but never validates it, and is attached only to the static-asset prefix.

Impact

An unauthenticated network caller can force any developer-defined resource to run on the host as the tilt user (choosing which and when, not the command text), set arbitrary Tiltfile arguments, disclose the session token and full engine state, and invoke apiserver resources via the loopback-token proxy. Because tilt up runs with the developer's privileges and credentials, the impact reaches the developer's environment and cluster.

Conditions for exploitation

  • Affected version in >= 0.20.8, <= 0.37.3.
  • HUD bound to a non-loopback address (tilt up --host 0.0.0.0, or TILT_HOST set).
  • Network reachability to the listener (default port 10350).

Not affected

  • The default loopback-only bind is not reachable from the network.

Workarounds

Use the default loopback bind (omit --host, unset TILT_HOST) and ensure nothing else proxies to localhost:10350. No complete workaround short of upgrading for non-loopback deployments.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 0.37.3"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/tilt-dev/tilt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.20.8"
            },
            {
              "fixed": "0.37.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-55884"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-306"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-19T13:58:13Z",
    "nvd_published_at": null,
    "severity": "CRITICAL"
  },
  "details": "## Summary\nThe Tilt HUD HTTP server exposes state-changing and sensitive-read endpoints with no authentication. When the HUD is bound to a non-loopback address, a network attacker can trigger the developer\u0027s pre-defined Tiltfile resources, tamper with Tiltfile arguments, read full engine state including the session token, and reach the Tilt apiserver through a token-attaching proxy.\n\n## Details\nThe HUD server registers its handlers on a `gorilla/mux` router with no authenticating middleware. The `cookieWrapper` helper emits the `Tilt-Token` cookie but never validates it, and is attached only to the static-asset prefix.\n\n## Impact\nAn unauthenticated network caller can force any developer-defined resource to run on the host as the `tilt` user (choosing which and when, not the command text), set arbitrary Tiltfile arguments, disclose the session token and full engine state, and invoke apiserver resources via the loopback-token proxy. Because `tilt up` runs with the developer\u0027s privileges and credentials, the impact reaches the developer\u0027s environment and cluster.\n\n### Conditions for exploitation\n- Affected version in `\u003e= 0.20.8, \u003c= 0.37.3`.\n- HUD bound to a non-loopback address (`tilt up --host 0.0.0.0`, or `TILT_HOST` set).\n- Network reachability to the listener (default port `10350`).\n\n### Not affected\n- The default loopback-only bind is not reachable from the network.\n\n## Workarounds\nUse the default loopback bind (omit `--host`, unset `TILT_HOST`) and ensure nothing else proxies to `localhost:10350`. No complete workaround short of upgrading for non-loopback deployments.",
  "id": "GHSA-c73q-8xxr-rgqm",
  "modified": "2026-06-19T13:58:13Z",
  "published": "2026-06-19T13:58:13Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/tilt-dev/tilt/security/advisories/GHSA-c73q-8xxr-rgqm"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tilt-dev/tilt/pull/6776"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/tilt-dev/tilt"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tilt-dev/tilt/releases/tag/v0.37.4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Tilt: Missing authentication on the network-exposed Tilt HUD server"
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…