This repository has been archived by the owner on Dec 21, 2023. It is now read-only.

Supply chain vulnerability in Keptn 0.1.0 to 0.8.2 due to deleted Google Storage bucket by Helm

Moderate
mowies published GHSA-gqw6-r8pm-9853 Apr 25, 2023

Package: docker keptn/helm-service (Docker)
Affected versions: > 0.1.0
Patched versions: 0.7.0

Package: docker keptn/installer (Docker)
Affected versions: > 0.2.2
Patched versions: 0.7.0

Package: docker keptn/remediation-service (Docker)
Affected versions: > 0.5.0.beta
Patched versions: 0.8.3

Package: docker keptn/upgrader (Docker)
Affected versions: 0.7.0
Patched versions: no newer versions available

Description

TL;DR

Remediation service container images from versions 0.7.3 to 0.8.2 are not safe to use.
Building container images from Keptn's source code for versions 0.1.0 to 0.8.2 is not safe, although the released container images are safe (except those listed above).

Summary

The vulnerability arose because the Helm project deleted the Google Cloud Storage bucket (kubernetes-helm) that hosted its CLI binaries. Helm switched to GitHub releases for the CLI binaries and deleted the bucket, which made its name (and therefore the identical URL) available for any other user to claim. Components that download the Helm CLI from that bucket are therefore exposed to remote code execution at build time: any user can take over the bucket, and during a container image build its contents are downloaded into the image without any integrity check (or any other check).
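The missing control described above is an integrity check on the downloaded archive. The following shell helpers are an added example, not Keptn's or Helm's own build code: they pin a SHA-256 digest for the artifact and refuse to unpack it on mismatch, so a claimed bucket or tampered mirror fails the build instead of landing in the image. The URL in the comment and the HELM_SHA256 variable are assumed placeholders.

```shell
# Vulnerable pattern (illustrative, assumed): whatever the URL serves today is trusted.
#   curl -sSL https://storage.googleapis.com/kubernetes-helm/helm-vX.Y.Z-linux-amd64.tar.gz | tar xz

# Compute the SHA-256 digest of a file; works with sha256sum (coreutils) or shasum (macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_sha256 FILE EXPECTED: returns 0 when the digest matches the pinned value, 1 otherwise.
verify_sha256() {
    actual=$(sha256_of "$1")
    [ "$actual" = "$2" ]
}

# install_verified ARCHIVE EXPECTED DEST: unpack the archive into DEST only after
# its digest matches the value pinned in the build. A mismatch (bucket taken over,
# modified mirror, truncated download) aborts instead of executing untrusted content.
install_verified() {
    archive=$1; expected=$2; dest=$3
    if ! verify_sha256 "$archive" "$expected"; then
        echo "checksum mismatch for $archive; refusing to install" >&2
        return 1
    fi
    mkdir -p "$dest" && tar -xzf "$archive" -C "$dest"
}

# Usage in a Dockerfile RUN step, with HELM_URL pointing at a versioned release
# asset and HELM_SHA256 pinned in the build (both values assumed here):
#   curl -fsSLo helm.tgz "$HELM_URL" && install_verified helm.tgz "$HELM_SHA256" /opt/helm
```

The pinned digest must come from a source independent of the download location (the release's published checksum file, recorded in the Dockerfile), otherwise an attacker who controls the URL also controls the expected value.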

Impact

This vulnerability can only be exploited while building the Dockerfiles of Keptn versions 0.1.0 to 0.8.2.

Patches

The problem will not be patched, since the affected versions are over 2 years old and are no longer built or maintained, by any automated system or otherwise.

The problem will be addressed by deleting the affected Docker images and deleting GitHub tags and release branches for the affected Keptn versions to avoid building the vulnerable code. Additionally, disclaimers will be added to the affected GitHub releases.

Workarounds/Mitigations

The vulnerability can be avoided by not building any of the aforementioned container images yourself and using the released images instead.

Severity

Moderate (4.7 / 10)

CVSS base metrics

Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: Required
Scope: Changed
Confidentiality: None
Integrity: Low
Availability: None

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

CVE ID

No known CVE

Weaknesses

No CWEs

Credits