Skip to content

[GHSA-rmx9-2pp3-xhcr] Add multi-branch patch ranges for Tekton Pipelines #7600

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
waveywaves wants to merge 1 commit into
base: waveywaves/advisory-improvement-7600
Choose a base branch
from
Open

[GHSA-rmx9-2pp3-xhcr] Add multi-branch patch ranges for Tekton Pipelines #7600

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
86 changes: 81 additions & 5 deletions advisories/github-reviewed/2026/04/GHSA-rmx9-2pp3-xhcr/GHSA-rmx9-2pp3-xhcr.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,13 +1,13 @@
{
"schema_version": "1.4.0",
"id": "GHSA-rmx9-2pp3-xhcr",
"modified": "2026-04-27T16:15:24Z",
"modified": "2026-05-05T10:00:00Z",
"published": "2026-04-21T16:25:19Z",
"aliases": [
"CVE-2026-25542"
],
"summary": "Tekton Pipelines has VerificationPolicy regex pattern bypass via substring matching",
"details": "## Summary\n\nThe Trusted Resources verification system matches a resource source string (`refSource.URI`) against `spec.resources[].pattern` using Go's `regexp.MatchString`. In Go, `regexp.MatchString` reports a match if the pattern matches **anywhere** in the input string. As a result, common unanchored patterns—including examples found in Tekton documentation—can be bypassed by attacker-controlled source strings that contain the trusted pattern as a substring. This may cause an unintended policy match and alter which verification mode or keys are applied.\n\n## Affected Component\n\n- **Repository:** <https://github.com/tektoncd/pipeline>\n- **Commit:** `0133513db03dadb3cb08301d6b0330badcb63830`\n- **Call site:** `pkg/trustedresources/verify.go:118–137` (`getMatchedPolicies`)\n\n## Impact\n\nAn attacker can craft a Trusted Resources source string that embeds a trusted substring and still matches an unanchored `VerificationPolicy` `spec.resources[].pattern`, even if the policy is intended to constrain matches to a specific trusted source. This occurs because `regexp.MatchString` succeeds on substring matches. For example, a pattern such as `https://github.com/tektoncd/catalog.git` would match an attacker-controlled source like `https://evil.com/?x=https://github.com/tektoncd/catalog.git`.\n\n**Affected:** Deployments using Trusted Resources verification with unanchored `VerificationPolicy` patterns, where an attacker can influence the `refSource.URI` value used for policy matching.\n\n**Not affected:** Deployments that anchor all patterns (`^...$`) or otherwise enforce full-string matching; deployments where attackers cannot influence `refSource.URI`.\n\n## Reproduction\n\n### Canonical (Demonstrates Vulnerability)\n\n```bash\nunzip -q -o poc.zip -d /tmp/poc-tekton-regex-001\ncd /tmp/poc-tekton-regex-001/poc-F-TEKTON-REGEX-001\nbash ./run.sh canonical | tee /tmp/tekton-regex-001-canonical.log\n```\n\n- **Expected (secure):** Capability not reached; canonical does not emit vulnerability markers.\n- **Actual (vulnerable):** Capability reached; canonical emits vulnerability markers.\n- **Canonical markers (mandatory):** `[CALLSITE_HIT]` + `[PROOF_MARKER]`\n\n### Negative Control\n\n```bash\nbash ./run.sh control | tee /tmp/tekton-regex-001-control.log\n```\n\n- **Expected:** Capability not reached under the same harness; control emits the control marker and does not emit vulnerability markers.\n- **Control markers (mandatory):** `[CALLSITE_HIT]` + `[NC_MARKER]`\n\n### Verification\n\n```bash\ngrep -n '\\[PROOF_MARKER\\]' /tmp/tekton-regex-001-canonical.log \\\n && grep -n '\\[NC_MARKER\\]' /tmp/tekton-regex-001-control.log \\\n && ! grep -n '\\[PROOF_MARKER\\]' /tmp/tekton-regex-001-control.log\n```\n\n## Suggested Fix\n\nIt is recommended to make matching safe-by-default by requiring full-string matches, or by validating patterns and clearly documenting substring semantics. Possible approaches include:\n\n1. **Anchor patterns before matching** — e.g., wrap `pattern` as `^(?:pattern)$` when not already anchored.\n2. **Introduce a separate field** for exact match vs. regex match semantics.\n3. **Document substring semantics explicitly** and update all documentation examples to include anchors.\n\nA fix is considered accepted when, under the same harness, the canonical test still hits `[CALLSITE_HIT]` but **does not** emit `[PROOF_MARKER]`.\n\n## Workarounds\n\nAnchor all `VerificationPolicy` resource patterns so they must match the full source string. For example:\n\n```yaml\npattern: \"^https://github\\\\.com/tektoncd/catalog\\\\.git$\"\n```\n\n## Proof Bundle\n\n- **Bundle:** [poc.zip](https://github.com/user-attachments/files/24833926/poc.zip)\n- **Convention:** The zip extracts under a single top-level folder (`poc-F-TEKTON-REGEX-001/`) to avoid collisions.\n- **Contains:** `canonical.log`, `control.log`, `witness.txt`\n- **Extracted paths:** `./poc/poc-F-TEKTON-REGEX-001/canonical.log`, `./poc/poc-F-TEKTON-REGEX-001/control.log`, `./poc/poc-F-TEKTON-REGEX-001/witness.txt`\n- **Integrity verification:** Compare `shasum -a 256` for `canonical.log`, `control.log`, `fix.patch`, and test source against `witness.txt`.\n\n> **Note:** If a supported integration uses verified HTTPS app-links or universal links only, provide the supported tag or branch and retesting on that pin can be arranged.",
"details": "## Summary\n\nThe Trusted Resources verification system matches a resource source string (`refSource.URI`) against `spec.resources[].pattern` using Go's `regexp.MatchString`. In Go, `regexp.MatchString` reports a match if the pattern matches **anywhere** in the input string. As a result, common unanchored patterns\u2014including examples found in Tekton documentation\u2014can be bypassed by attacker-controlled source strings that contain the trusted pattern as a substring. This may cause an unintended policy match and alter which verification mode or keys are applied.\n\n## Affected Component\n\n- **Repository:** <https://github.com/tektoncd/pipeline>\n- **Commit:** `0133513db03dadb3cb08301d6b0330badcb63830`\n- **Call site:** `pkg/trustedresources/verify.go:118\u2013137` (`getMatchedPolicies`)\n\n## Impact\n\nAn attacker can craft a Trusted Resources source string that embeds a trusted substring and still matches an unanchored `VerificationPolicy` `spec.resources[].pattern`, even if the policy is intended to constrain matches to a specific trusted source. This occurs because `regexp.MatchString` succeeds on substring matches. For example, a pattern such as `https://github.com/tektoncd/catalog.git` would match an attacker-controlled source like `https://evil.com/?x=https://github.com/tektoncd/catalog.git`.\n\n**Affected:** Deployments using Trusted Resources verification with unanchored `VerificationPolicy` patterns, where an attacker can influence the `refSource.URI` value used for policy matching.\n\n**Not affected:** Deployments that anchor all patterns (`^...$`) or otherwise enforce full-string matching; deployments where attackers cannot influence `refSource.URI`.\n\n## Reproduction\n\n### Canonical (Demonstrates Vulnerability)\n\n```bash\nunzip -q -o poc.zip -d /tmp/poc-tekton-regex-001\ncd /tmp/poc-tekton-regex-001/poc-F-TEKTON-REGEX-001\nbash ./run.sh canonical | tee /tmp/tekton-regex-001-canonical.log\n```\n\n- **Expected (secure):** Capability not reached; canonical does not emit vulnerability markers.\n- **Actual (vulnerable):** Capability reached; canonical emits vulnerability markers.\n- **Canonical markers (mandatory):** `[CALLSITE_HIT]` + `[PROOF_MARKER]`\n\n### Negative Control\n\n```bash\nbash ./run.sh control | tee /tmp/tekton-regex-001-control.log\n```\n\n- **Expected:** Capability not reached under the same harness; control emits the control marker and does not emit vulnerability markers.\n- **Control markers (mandatory):** `[CALLSITE_HIT]` + `[NC_MARKER]`\n\n### Verification\n\n```bash\ngrep -n '\\[PROOF_MARKER\\]' /tmp/tekton-regex-001-canonical.log \\\n && grep -n '\\[NC_MARKER\\]' /tmp/tekton-regex-001-control.log \\\n && ! grep -n '\\[PROOF_MARKER\\]' /tmp/tekton-regex-001-control.log\n```\n\n## Suggested Fix\n\nIt is recommended to make matching safe-by-default by requiring full-string matches, or by validating patterns and clearly documenting substring semantics. Possible approaches include:\n\n1. **Anchor patterns before matching** \u2014 e.g., wrap `pattern` as `^(?:pattern)$` when not already anchored.\n2. **Introduce a separate field** for exact match vs. regex match semantics.\n3. **Document substring semantics explicitly** and update all documentation examples to include anchors.\n\nA fix is considered accepted when, under the same harness, the canonical test still hits `[CALLSITE_HIT]` but **does not** emit `[PROOF_MARKER]`.\n\n## Workarounds\n\nAnchor all `VerificationPolicy` resource patterns so they must match the full source string. For example:\n\n```yaml\npattern: \"^https://github\\\\.com/tektoncd/catalog\\\\.git$\"\n```\n\n## Proof Bundle\n\n- **Bundle:** [poc.zip](https://github.com/user-attachments/files/24833926/poc.zip)\n- **Convention:** The zip extracts under a single top-level folder (`poc-F-TEKTON-REGEX-001/`) to avoid collisions.\n- **Contains:** `canonical.log`, `control.log`, `witness.txt`\n- **Extracted paths:** `./poc/poc-F-TEKTON-REGEX-001/canonical.log`, `./poc/poc-F-TEKTON-REGEX-001/control.log`, `./poc/poc-F-TEKTON-REGEX-001/witness.txt`\n- **Integrity verification:** Compare `shasum -a 256` for `canonical.log`, `control.log`, `fix.patch`, and test source against `witness.txt`.\n\n> **Note:** If a supported integration uses verified HTTPS app-links or universal links only, provide the supported tag or branch and retesting on that pin can be arranged.",
"severity": [
{
"type": "CVSS_V3",
Expand All @@ -28,7 +28,83 @@
"introduced": "0.43.0"
},
{
"fixed": "1.11.0"
"fixed": "1.0.2"
}
]
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/tektoncd/pipeline"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "1.1.0"
},
{
"fixed": "1.3.4"
}
]
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/tektoncd/pipeline"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "1.4.0"
},
{
"fixed": "1.6.2"
}
]
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/tektoncd/pipeline"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "1.7.0"
},
{
"fixed": "1.9.3"
}
]
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/tektoncd/pipeline"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "1.10.0"
},
{
"fixed": "1.11.1"
}
]
}
Expand Down Expand Up @@ -58,7 +134,7 @@
},
{
"type": "WEB",
"url": "https://github.com/tektoncd/pipeline/releases/tag/v1.11.0"
"url": "https://github.com/tektoncd/pipeline/releases/tag/v1.11.1"
}
],
"database_specific": {
Expand All @@ -70,4 +146,4 @@
"github_reviewed_at": "2026-04-21T16:25:19Z",
"nvd_published_at": "2026-04-21T17:16:24Z"
}
}
}