It's possible to rewrite parts of a workflow on-cluster using only an input parameter. Operators who allow users to run workflows specifying input parameters are vulnerable to this.
Details
From @mac9416 :
It's possible to rewrite parts of a workflow on-cluster using only an input parameter. This relies on taking advantage of the fact that the output of expression templates is evaluated as a literal part of the JSON-stringified template.
The following workflow accepts a string param, performs a trivial transformation (in this case, just printing it), and then passes the output as an env var to be printed.
The poisoned param value is able to overwrite "args" because 1) the golang JSON marshaler allows duplicate keys and, 2) the stringified template keys seem to be alphabetically-ordered, so the poisoned "env" value can override the original "args" field.
This is just a quick proof-of-concept. The motivated attacker could probably find a lot of different and nefarious ways to mutate a workflow.
I believe this PR would close the vulnerability: #6285
Note: there seems to be some non-determinism involved. The expected behavior is for the "print" step to output "this happens instead". If instead you get an error, re-submit a few times.
Message from the maintainers:
Impacted by this bug? Give it a 👍. We prioritise the issues with the most 👍.
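The following is an added example, not code from the issue or from the Argo Workflows code base, modelling the mechanism the report describes: a template is JSON-stringified, a parameter value is spliced in as raw text, and the result is re-parsed with encoding/json, which silently accepts duplicate object keys and lets the last one win. The same splice done through json.Marshal can only ever yield a string value, and a token-level walk can reject any document that declares a key twice. The struct, the placeholder name, the template JSON and the poisoned payload are all constructed for illustration; the actual workflow from the report is not reproduced on this page.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// containerTemplate is a hypothetical stand-in for the part of a workflow
// template that a controller stringifies, substitutes into and re-parses.
type containerTemplate struct {
	Args []string          `json:"args"`
	Env  map[string]string `json:"env"`
}

// templateJSON is a constructed stringified template with a single
// expression-template placeholder sitting inside a JSON string value.
const templateJSON = `{"args":["echo","expected output"],"env":{"MSG":"{{=inputs.parameters.msg}}"}}`

// poisonedParam (constructed) closes the env string and the env object, then
// redeclares "args" so that, with last-key-wins parsing, it replaces the original.
const poisonedParam = `x"},"args":["echo","this happens instead"],"env":{"MSG":"y`

// substituteRaw splices the value in as literal text: the vulnerable pattern.
func substituteRaw(tmpl, value string) string {
	return strings.ReplaceAll(tmpl, "{{=inputs.parameters.msg}}", value)
}

// substituteEscaped JSON-encodes the value first, so quotes, braces and
// control characters inside it cannot terminate the enclosing string.
func substituteEscaped(tmpl, value string) (string, error) {
	b, err := json.Marshal(value)
	if err != nil {
		return "", err
	}
	quoted := string(b)
	// The template already supplies the surrounding quotes.
	inner := quoted[1 : len(quoted)-1]
	return strings.ReplaceAll(tmpl, "{{=inputs.parameters.msg}}", inner), nil
}

// parse mirrors the controller re-parsing the stringified template.
func parse(s string) (containerTemplate, error) {
	var t containerTemplate
	err := json.Unmarshal([]byte(s), &t)
	return t, err
}

// hasDuplicateKeys walks the token stream and reports whether any object
// declares the same key twice, which json.Unmarshal alone never reports.
func hasDuplicateKeys(s string) (bool, error) {
	dec := json.NewDecoder(strings.NewReader(s))
	return checkValue(dec)
}

func checkValue(dec *json.Decoder) (bool, error) {
	tok, err := dec.Token()
	if err != nil {
		return false, err
	}
	delim, ok := tok.(json.Delim)
	if !ok {
		return false, nil // scalar value
	}
	switch delim {
	case '{':
		seen := map[string]bool{}
		for dec.More() {
			keyTok, err := dec.Token()
			if err != nil {
				return false, err
			}
			key := keyTok.(string)
			if seen[key] {
				return true, nil
			}
			seen[key] = true
			if dup, err := checkValue(dec); err != nil || dup {
				return dup, err
			}
		}
		_, err = dec.Token() // consume '}'
		return false, err
	case '[':
		for dec.More() {
			if dup, err := checkValue(dec); err != nil || dup {
				return dup, err
			}
		}
		_, err = dec.Token() // consume ']'
		return false, err
	}
	return false, nil
}

func main() {
	raw := substituteRaw(templateJSON, poisonedParam)
	vuln, err := parse(raw)
	dup, _ := hasDuplicateKeys(raw)
	fmt.Printf("raw splice:     args=%v err=%v duplicateKeys=%v\n", vuln.Args, err, dup)

	safe, _ := substituteEscaped(templateJSON, poisonedParam)
	fixed, err := parse(safe)
	dup, _ = hasDuplicateKeys(safe)
	fmt.Printf("escaped splice: args=%v err=%v duplicateKeys=%v\n", fixed.Args, err, dup)
}
```

With the raw splice the re-parsed args become `["echo","this happens instead"]`, exactly the override the report describes; with the escaped splice the args are untouched and the whole payload lands harmlessly in the MSG environment variable. Rejecting duplicate keys is a useful defence-in-depth check on the re-parsed document, but the root fix is to never splice untrusted text into a serialized template as anything other than a JSON-encoded string.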