Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Lifecycle Timeline
5DescriptionGitHub Advisory
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. From 1.0.0 to 1.10.0, the Tekton Pipelines git resolver in API mode sends the system-configured Git API token to a user-controlled serverURL when the user omits the token parameter. A tenant with TaskRun or PipelineRun create permission can exfiltrate the shared API token (GitHub PAT, GitLab token, etc.) by pointing serverURL to an attacker-controlled endpoint.
AnalysisAI
Credential leakage in Tekton Pipelines git resolver allows authenticated users to exfiltrate system-configured Git API tokens (GitHub PAT, GitLab tokens) by directing the resolver to attacker-controlled endpoints. Affects versions 1.0.0 through 1.10.0 when users omit the token parameter in TaskRun or PipelineRun configurations. CVSS 7.7 with scope change reflects cross-tenant credential theft potential in multi-tenant Kubernetes environments. No active exploitation confirmed (not in CISA KEV), but exploitation is straightforward for authenticated cluster users with TaskRun/PipelineRun creation privileges.
Technical ContextAI
Tekton Pipelines is a Kubernetes-native CI/CD framework that extends Kubernetes with custom resource definitions for pipeline orchestration. The git resolver component operates in API mode to fetch pipeline definitions from Git repositories using configured authentication tokens. The vulnerability stems from insecure credential handling (CWE-201: Insertion of Sensitive Information Into Sent Data) where the resolver automatically attaches system-level Git credentials (GitHub Personal Access Tokens, GitLab API tokens) to requests when users specify a custom serverURL but omit explicit token parameters. This design flaw violates the principle of least privilege by allowing tenant-level users to redirect authenticated requests to arbitrary endpoints. The scope change (S:C) in the CVSS vector reflects the cross-tenant impact - an attacker with low privileges in one tenant can steal credentials that may provide broader system access beyond their original authorization boundary.
RemediationAI
Upgrade to Tekton Pipelines version 1.10.1 or later, which addresses the credential leakage by validating serverURL against configured Git hosts before attaching authentication tokens. Until patching, implement compensating controls: (1) Remove system-level Git API tokens from Tekton configuration and require users to provide explicit tokens in TaskRun/PipelineRun definitions - this eliminates the vulnerable credential pool but breaks workflows assuming automatic authentication; (2) Use Kubernetes RBAC to restrict TaskRun/PipelineRun creation to highly trusted users only - reduces attack surface but may conflict with CI/CD automation requirements; (3) Deploy network policies blocking egress from Tekton resolver pods to untrusted destinations - requires comprehensive allowlist of legitimate Git hosting endpoints and may interfere with private Git servers. Consult GitHub advisory GHSA-wjxp-xrpv-xpff for vendor-recommended migration path. After upgrading, audit Git API token permissions and rotate any tokens potentially exposed during the vulnerable period.
More in Kubernetes
View allA critical vulnerability in Kubernetes ingress-nginx controller allows unauthenticated attackers with pod network access
Credential-harvesting malware compromised 84 versions of 42 TanStack npm packages on 2026-05-11 via chained GitHub Actio
Kubernetes ingress-nginx contains a configuration injection vulnerability via the mirror-target and mirror-host Ingress
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingres
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-c
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.exter
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated critical severity (CVSS 9.9), this vulne
The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4
Kyverno Kubernetes policy engine prior to 1.x has a privilege escalation vulnerability (CVSS 9.9) allowing policy bypass
Kamaji is the Hosted Control Plane Manager for Kubernetes. Rated critical severity (CVSS 9.9), this vulnerability is rem
Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, ref
String filter bypass in Inspektor Gadget Kubernetes eBPF tooling before fix. Insufficient string escaping enables filter
Same technique Information Disclosure
View allVendor StatusVendor
SUSE
Severity: HighShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-24165
GHSA-wjxp-xrpv-xpff