CVE-2026-33211 (GCVE-0-2026-33211)

Vulnerability from cvelistv5 – Published: 2026-03-23 23:55 – Updated: 2026-06-30 12:07
VLAI
Title
Tekton Pipelines git resolver has path traversal that allows reading arbitrary files from the resolver pod
Summary
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2, the Tekton Pipelines git resolver is vulnerable to path traversal via the `pathInRepo` parameter. A tenant with permission to create `ResolutionRequests` (e.g. by creating `TaskRuns` or `PipelineRuns` that use the git resolver) can read arbitrary files from the resolver pod's filesystem, including ServiceAccount tokens. The file contents are returned base64-encoded in `resolutionrequest.status.data`. Versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2 contain a patch.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
URL Tags
https://github.com/tektoncd/pipeline/security/adv… x_refsource_CONFIRM
https://github.com/tektoncd/pipeline/commit/10fa5… x_refsource_MISC
https://github.com/tektoncd/pipeline/commit/31800… x_refsource_MISC
https://github.com/tektoncd/pipeline/commit/3ca7b… x_refsource_MISC
https://github.com/tektoncd/pipeline/commit/96138… x_refsource_MISC
https://github.com/tektoncd/pipeline/commit/b1fee… x_refsource_MISC
https://github.com/tektoncd/pipeline/commit/cdb4e… x_refsource_MISC
https://github.com/tektoncd/pipeline/commit/ec775… x_refsource_MISC
https://access.redhat.com/security/cve/CVE-2026-33211 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2450554 issue-trackingx_refsource_REDHAT
https://security.access.redhat.com/data/csaf/v2/v… x_sadp-csaf-vex
https://access.redhat.com/errata/RHSA-2026:10155 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:10158 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:6170 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:6166 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:24484 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:10066 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:21932 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:21931 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:10026 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:10125 vendor-advisoryx_refsource_REDHAT
Impacted products
Vendor Product Version
tektoncd pipeline Affected: >= 1.0.0, < 1.0.1
Affected: >= 1.1.0, < 1.3.3
Affected: >= 1.4.0, < 1.6.1
Affected: >= 1.7.0, < 1.9.2
Affected: >= 1.10.0, < 1.10.2
Create a notification for this product.
Red Hat Red Hat OpenShift Builds 1.6.5     cpe:/a:redhat:openshift_builds:1.6::el9
Create a notification for this product.
Red Hat Red Hat OpenShift Builds 1.7.3     cpe:/a:redhat:openshift_builds:1.7::el9
Create a notification for this product.
Red Hat Red Hat OpenShift Pipelines 1.21     cpe:/a:redhat:openshift_pipelines:1.21::el9
Create a notification for this product.
Red Hat Red Hat OpenShift Pipelines 1.2     cpe:/a:redhat:openshift_pipelines:1.20::el9
Create a notification for this product.
Red Hat Red Hat Trusted Artifact Signer 1.3     cpe:/a:redhat:trusted_artifact_signer:1.3::el9
Create a notification for this product.
Red Hat OpenShift Pipelines     cpe:/a:redhat:openshift_pipelines:1
Create a notification for this product.
Red Hat OpenShift Serverless     cpe:/a:redhat:serverless:1
Create a notification for this product.
Red Hat Builds for Red Hat OpenShift     cpe:/a:redhat:openshift_builds:1
Create a notification for this product.
Red Hat Red Hat OpenShift AI (RHOAI)     cpe:/a:redhat:openshift_ai
Create a notification for this product.
Red Hat Red Hat OpenShift Virtualization 4     cpe:/a:redhat:container_native_virtualization:4
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-33211",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-24T15:40:21.314239Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-24T15:41:02.198Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:/a:redhat:openshift_builds:1.6::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Builds 1.6.5",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_builds:1.7::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Builds 1.7.3",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_pipelines:1.21::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Pipelines 1.21",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_pipelines:1.20::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Pipelines 1.2",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:trusted_artifact_signer:1.3::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Trusted Artifact Signer 1.3",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_pipelines:1"
            ],
            "defaultStatus": "affected",
            "product": "OpenShift Pipelines",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:serverless:1"
            ],
            "defaultStatus": "affected",
            "product": "OpenShift Serverless",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_builds:1"
            ],
            "defaultStatus": "unaffected",
            "product": "Builds for Red Hat OpenShift",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_ai"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat OpenShift AI (RHOAI)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:container_native_virtualization:4"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat OpenShift Virtualization 4",
            "vendor": "Red Hat"
          }
        ],
        "datePublic": "2026-03-23T23:55:54.089Z",
        "descriptions": [
          {
            "lang": "en",
            "value": "A flaw was found in Tekton Pipelines, specifically in the Tekton Pipelines git resolver. A tenant with permissions to create ResolutionRequests can exploit a path traversal vulnerability via the `pathInRepo` parameter. This allows the tenant to read arbitrary files from the resolver pod\u0027s filesystem, leading to information disclosure, including sensitive ServiceAccount tokens. The contents of these files are returned in a base64-encoded format."
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "namespace": "https://access.redhat.com/security/updates/classification/",
                "value": "Important"
              },
              "type": "Red Hat severity rating"
            }
          },
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 9.6,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "CHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
              "version": "3.1"
            },
            "format": "CVSS"
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-22",
                "description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-30T12:07:37.319Z",
          "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
          "shortName": "redhat-SADP"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2026-33211"
          },
          {
            "name": "RHBZ#2450554",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450554"
          },
          {
            "tags": [
              "x_sadp-csaf-vex"
            ],
            "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33211.json"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:10155"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:10158"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:6170"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:6166"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:24484"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:10066"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:21932"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:21931"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:10026"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:10125"
          }
        ],
        "solutions": [
          {
            "lang": "en",
            "value": "RHSA-2026:10155: Red Hat OpenShift Builds 1.6.5"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:10158: Red Hat OpenShift Builds 1.7.3"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:6170: Red Hat OpenShift Pipelines 1.21"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:6166: Red Hat OpenShift Pipelines 1.21"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:24484: Red Hat OpenShift Pipelines 1.21"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:10066: Red Hat OpenShift Pipelines 1.2"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:21932: Red Hat OpenShift Pipelines 1.2"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:21931: Red Hat OpenShift Pipelines 1.2"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:10026: Red Hat OpenShift Pipelines 1.2"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:10125: Red Hat Trusted Artifact Signer 1.3"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-03-24T00:02:20.093Z",
            "value": "Reported to Red Hat."
          },
          {
            "lang": "en",
            "time": "2026-03-23T23:55:54.089Z",
            "value": "Made public."
          }
        ],
        "title": "Tekton Pipelines: github.com/tektoncd/pipeline: Tekton Pipelines: Information disclosure via path traversal in git resolver",
        "workarounds": [
          {
            "lang": "en",
            "value": "To mitigate this vulnerability, restrict the creation of ResolutionRequests to trusted users and service accounts. Implement strict Role-Based Access Control (RBAC) policies to limit which tenants can create TaskRuns or PipelineRuns that utilize the Tekton Pipelines git resolver. This reduces the exposure by preventing unauthorized access to the resolver pod\u0027s filesystem."
          }
        ],
        "x_adpType": "supplier",
        "x_generator": {
          "engine": "sadp-cli 1.0.0"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "pipeline",
          "vendor": "tektoncd",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.0.0, \u003c 1.0.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.1.0, \u003c 1.3.3"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.4.0, \u003c 1.6.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.7.0, \u003c 1.9.2"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.10.0, \u003c 1.10.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2, the Tekton Pipelines git resolver is vulnerable to path traversal via the `pathInRepo` parameter. A tenant with permission to create `ResolutionRequests` (e.g. by creating `TaskRuns` or `PipelineRuns` that use the git resolver) can read arbitrary files from the resolver pod\u0027s filesystem, including ServiceAccount tokens. The file contents are returned base64-encoded in `resolutionrequest.status.data`. Versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2 contain a patch."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.6,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-23T23:55:54.089Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-j5q5-j9gm-2w5c",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-j5q5-j9gm-2w5c"
        },
        {
          "name": "https://github.com/tektoncd/pipeline/commit/10fa538f9a2b6d01c75138f1ed7ba3da0e34687c",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/tektoncd/pipeline/commit/10fa538f9a2b6d01c75138f1ed7ba3da0e34687c"
        },
        {
          "name": "https://github.com/tektoncd/pipeline/commit/318006c4e3a5",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/tektoncd/pipeline/commit/318006c4e3a5"
        },
        {
          "name": "https://github.com/tektoncd/pipeline/commit/3ca7bc6e6dd1d97f80b84f78370d91edaf023cbd",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/tektoncd/pipeline/commit/3ca7bc6e6dd1d97f80b84f78370d91edaf023cbd"
        },
        {
          "name": "https://github.com/tektoncd/pipeline/commit/961388fcf3374bc7656d28ab58ca84987e0a75ae",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/tektoncd/pipeline/commit/961388fcf3374bc7656d28ab58ca84987e0a75ae"
        },
        {
          "name": "https://github.com/tektoncd/pipeline/commit/b1fee65b88aa969069c14c120045e97c37d9ee5e",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/tektoncd/pipeline/commit/b1fee65b88aa969069c14c120045e97c37d9ee5e"
        },
        {
          "name": "https://github.com/tektoncd/pipeline/commit/cdb4e1e97a4f3170f9bc2cbfff83a6c8107bc3db",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/tektoncd/pipeline/commit/cdb4e1e97a4f3170f9bc2cbfff83a6c8107bc3db"
        },
        {
          "name": "https://github.com/tektoncd/pipeline/commit/ec7755031a183b345cf9e64bea0e0505c1b9cb78",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/tektoncd/pipeline/commit/ec7755031a183b345cf9e64bea0e0505c1b9cb78"
        }
      ],
      "source": {
        "advisory": "GHSA-j5q5-j9gm-2w5c",
        "discovery": "UNKNOWN"
      },
      "title": "Tekton Pipelines git resolver has path traversal that allows reading arbitrary files from the resolver pod"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-33211",
    "datePublished": "2026-03-23T23:55:54.089Z",
    "dateReserved": "2026-03-17T23:23:58.313Z",
    "dateUpdated": "2026-06-30T12:07:37.319Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-33211",
      "date": "2026-07-02",
      "epss": "0.00573",
      "percentile": "0.43112"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-33211\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-03-24T00:16:29.320\",\"lastModified\":\"2026-06-30T03:18:37.887\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2, the Tekton Pipelines git resolver is vulnerable to path traversal via the `pathInRepo` parameter. A tenant with permission to create `ResolutionRequests` (e.g. by creating `TaskRuns` or `PipelineRuns` that use the git resolver) can read arbitrary files from the resolver pod\u0027s filesystem, including ServiceAccount tokens. The file contents are returned base64-encoded in `resolutionrequest.status.data`. Versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2 contain a patch.\"},{\"lang\":\"es\",\"value\":\"El proyecto Tekton Pipelines proporciona recursos estilo k8s para declarar pipelines estilo CI/CD. A partir de la versi\u00f3n 1.0.0 y antes de las versiones 1.0.1, 1.3.3, 1.6.1, 1.9.2 y 1.10.2, el resolvedor git de Tekton Pipelines es vulnerable a salto de ruta a trav\u00e9s del par\u00e1metro \u0027pathInRepo\u0027. Un inquilino con permiso para crear \u0027ResolutionRequests\u0027 (por ejemplo, creando \u0027TaskRuns\u0027 o \u0027PipelineRuns\u0027 que usan el resolvedor git) puede leer archivos arbitrarios del sistema de archivos del pod del resolvedor, incluyendo tokens de ServiceAccount. El contenido del archivo se devuelve codificado en base64 en \u0027resolutionrequest.status.data\u0027. Las versiones 1.0.1, 1.3.3, 1.6.1, 1.9.2 y 1.10.2 contienen un parche.\"}],\"affected\":[{\"source\":\"security-advisories@github.com\",\"affectedData\":[{\"vendor\":\"tektoncd\",\"product\":\"pipeline\",\"versions\":[{\"version\":\"\u003e= 1.0.0, \u003c 1.0.1\",\"status\":\"affected\"},{\"version\":\"\u003e= 1.1.0, \u003c 1.3.3\",\"status\":\"affected\"},{\"version\":\"\u003e= 1.4.0, \u003c 1.6.1\",\"status\":\"affected\"},{\"version\":\"\u003e= 1.7.0, \u003c 1.9.2\",\"status\":\"affected\"},{\"version\":\"\u003e= 1.10.0, \u003c 1.10.2\",\"status\":\"affected\"}]}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"affectedData\":[{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Builds 1.6.5\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_builds:1.6::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Builds 1.7.3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_builds:1.7::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Pipelines 1.21\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_pipelines:1.21::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Pipelines 1.2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_pipelines:1.20::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Trusted Artifact Signer 1.3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:trusted_artifact_signer:1.3::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Pipelines\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_pipelines:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Serverless\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:serverless:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Builds for Red Hat OpenShift\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:openshift_builds:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift AI (RHOAI)\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:openshift_ai\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Virtualization 4\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:container_native_virtualization:4\"]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N\",\"baseScore\":9.6,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.1,\"impactScore\":5.8},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N\",\"baseScore\":9.6,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.1,\"impactScore\":5.8},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N\",\"baseScore\":9.6,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.1,\"impactScore\":5.8}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-03-24T15:40:21.314239Z\",\"id\":\"CVE-2026-33211\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:tekton_pipelines:*:*:*:*:*:go:*:*\",\"versionStartIncluding\":\"1.1.0\",\"versionEndExcluding\":\"1.3.3\",\"matchCriteriaId\":\"510D5C7F-FB2A-4059-AF03-A85FD23267F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:tekton_pipelines:*:*:*:*:*:go:*:*\",\"versionStartIncluding\":\"1.4.0\",\"versionEndExcluding\":\"1.6.1\",\"matchCriteriaId\":\"B4303F35-5E39-4F4B-9258-FE58CCA3C760\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:tekton_pipelines:*:*:*:*:*:go:*:*\",\"versionStartIncluding\":\"1.7.0\",\"versionEndExcluding\":\"1.9.2\",\"matchCriteriaId\":\"C465CD0F-E9E8-414D-9BED-49BEBD394E95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:tekton_pipelines:*:*:*:*:*:go:*:*\",\"versionStartIncluding\":\"1.10.0\",\"versionEndExcluding\":\"1.10.2\",\"matchCriteriaId\":\"871426E3-9DCC-43CE-8262-D87D4F040AEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:tekton_pipelines:1.0.0:*:*:*:*:go:*:*\",\"matchCriteriaId\":\"49E77BA1-6CC4-430D-B0C0-EB295ADBF6FE\"}]}]}],\"references\":[{\"url\":\"https://github.com/tektoncd/pipeline/commit/10fa538f9a2b6d01c75138f1ed7ba3da0e34687c\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/tektoncd/pipeline/commit/318006c4e3a5\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/tektoncd/pipeline/commit/3ca7bc6e6dd1d97f80b84f78370d91edaf023cbd\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/tektoncd/pipeline/commit/961388fcf3374bc7656d28ab58ca84987e0a75ae\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/tektoncd/pipeline/commit/b1fee65b88aa969069c14c120045e97c37d9ee5e\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/tektoncd/pipeline/commit/cdb4e1e97a4f3170f9bc2cbfff83a6c8107bc3db\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/tektoncd/pipeline/commit/ec7755031a183b345cf9e64bea0e0505c1b9cb78\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/tektoncd/pipeline/security/advisories/GHSA-j5q5-j9gm-2w5c\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:10026\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:10066\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:10125\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:10155\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:10158\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:21931\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:21932\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:24484\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:6166\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:6170\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2026-33211\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2450554\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33211.json\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-33211\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-24T15:40:21.314239Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-24T15:40:51.639Z\"}}], \"cna\": {\"title\": \"Tekton Pipelines git resolver has path traversal that allows reading arbitrary files from the resolver pod\", \"source\": {\"advisory\": \"GHSA-j5q5-j9gm-2w5c\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 9.6, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"tektoncd\", \"product\": \"pipeline\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 1.0.0, \u003c 1.0.1\"}, {\"status\": \"affected\", \"version\": \"\u003e= 1.1.0, \u003c 1.3.3\"}, {\"status\": \"affected\", \"version\": \"\u003e= 1.4.0, \u003c 1.6.1\"}, {\"status\": \"affected\", \"version\": \"\u003e= 1.7.0, \u003c 1.9.2\"}, {\"status\": \"affected\", \"version\": \"\u003e= 1.10.0, \u003c 1.10.2\"}]}], \"references\": [{\"url\": \"https://github.com/tektoncd/pipeline/security/advisories/GHSA-j5q5-j9gm-2w5c\", \"name\": \"https://github.com/tektoncd/pipeline/security/advisories/GHSA-j5q5-j9gm-2w5c\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/tektoncd/pipeline/commit/10fa538f9a2b6d01c75138f1ed7ba3da0e34687c\", \"name\": \"https://github.com/tektoncd/pipeline/commit/10fa538f9a2b6d01c75138f1ed7ba3da0e34687c\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/tektoncd/pipeline/commit/318006c4e3a5\", \"name\": \"https://github.com/tektoncd/pipeline/commit/318006c4e3a5\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/tektoncd/pipeline/commit/3ca7bc6e6dd1d97f80b84f78370d91edaf023cbd\", \"name\": \"https://github.com/tektoncd/pipeline/commit/3ca7bc6e6dd1d97f80b84f78370d91edaf023cbd\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/tektoncd/pipeline/commit/961388fcf3374bc7656d28ab58ca84987e0a75ae\", \"name\": \"https://github.com/tektoncd/pipeline/commit/961388fcf3374bc7656d28ab58ca84987e0a75ae\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/tektoncd/pipeline/commit/b1fee65b88aa969069c14c120045e97c37d9ee5e\", \"name\": \"https://github.com/tektoncd/pipeline/commit/b1fee65b88aa969069c14c120045e97c37d9ee5e\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/tektoncd/pipeline/commit/cdb4e1e97a4f3170f9bc2cbfff83a6c8107bc3db\", \"name\": \"https://github.com/tektoncd/pipeline/commit/cdb4e1e97a4f3170f9bc2cbfff83a6c8107bc3db\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/tektoncd/pipeline/commit/ec7755031a183b345cf9e64bea0e0505c1b9cb78\", \"name\": \"https://github.com/tektoncd/pipeline/commit/ec7755031a183b345cf9e64bea0e0505c1b9cb78\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2, the Tekton Pipelines git resolver is vulnerable to path traversal via the `pathInRepo` parameter. A tenant with permission to create `ResolutionRequests` (e.g. by creating `TaskRuns` or `PipelineRuns` that use the git resolver) can read arbitrary files from the resolver pod\u0027s filesystem, including ServiceAccount tokens. The file contents are returned base64-encoded in `resolutionrequest.status.data`. Versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2 contain a patch.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-03-23T23:55:54.089Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-33211\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-24T15:41:02.198Z\", \"dateReserved\": \"2026-03-17T23:23:58.313Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-03-23T23:55:54.089Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…