Insecure permissions in pipecd v0.49 allow attackers to gain access to the service account's token, leading to escalation of privileges.
The vulnerability classified as CWE-276 (Incorrect Default Permissions) consists of PipeCD v0.49 assigning overly permissive permissions to resources storing or exposing the service account token. An attacker, without any authentication and without requiring user interaction, is able to gain access to this token over the network. After hijacking the token, the attacker can operate with the permissions associated with the service account.
An attacker can hijack a service account token and perform privilege escalation, potentially gaining full control over the environment managed by PipeCD, including access to sensitive data, ability to modify configurations, and disruption of operational continuity.
Patches available from the vendor should be applied according to references. It is recommended to check the official project repository (https://github.com/pipe-cd/pipecd) and the pipecd.dev website for information about available updates. Until updating, consider restricting network access to PipeCD components and implementing regular rotation of service account tokens.
PipeCD v0.49 (Linuxfoundation PipeCD)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HLinuxfoundation Pipecd
APPLinuxfoundation≤ 0.49.3
Related vulnerabilities
containerd is an open-source container runtime. In versions prior to 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10 t...
CloudNativePG: eskalacja uprawnień do superużytkownika PostgreSQL przez metrics exporter
AGL app-framework-main: Zip Slip + TOCTOU umożliwiają zapis dowolnych plików
RCE w Spinnaker — wykonanie dowolnych poleceń na podach clouddriver
Spinnaker Echo: nieograniczony dostęp SPeL umożliwia RCE