{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-33211","assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","state":"PUBLISHED","assignerShortName":"GitHub_M","dateReserved":"2026-03-17T23:23:58.313Z","datePublished":"2026-03-23T23:55:54.089Z","dateUpdated":"2026-07-09T12:10:03.720Z"},"containers":{"cna":{"title":"Tekton Pipelines git resolver has path traversal that allows reading arbitrary files from the resolver pod","problemTypes":[{"descriptions":[{"cweId":"CWE-22","lang":"en","description":"CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","type":"CWE"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":9.6,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N","version":"3.1"}}],"references":[{"name":"https://github.com/tektoncd/pipeline/security/advisories/GHSA-j5q5-j9gm-2w5c","tags":["x_refsource_CONFIRM"],"url":"https://github.com/tektoncd/pipeline/security/advisories/GHSA-j5q5-j9gm-2w5c"},{"name":"https://github.com/tektoncd/pipeline/commit/10fa538f9a2b6d01c75138f1ed7ba3da0e34687c","tags":["x_refsource_MISC"],"url":"https://github.com/tektoncd/pipeline/commit/10fa538f9a2b6d01c75138f1ed7ba3da0e34687c"},{"name":"https://github.com/tektoncd/pipeline/commit/318006c4e3a5","tags":["x_refsource_MISC"],"url":"https://github.com/tektoncd/pipeline/commit/318006c4e3a5"},{"name":"https://github.com/tektoncd/pipeline/commit/3ca7bc6e6dd1d97f80b84f78370d91edaf023cbd","tags":["x_refsource_MISC"],"url":"https://github.com/tektoncd/pipeline/commit/3ca7bc6e6dd1d97f80b84f78370d91edaf023cbd"},{"name":"https://github.com/tektoncd/pipeline/commit/961388fcf3374bc7656d28ab58ca84987e0a75ae","tags":["x_refsource_MISC"],"url":"https://github.com/tektoncd/pipeline/commit/961388fcf3374bc7656d28ab58ca84987e0a75ae"},{"name":"https://github.com/tektoncd/pipeline/commit/b1fee65b88aa969069c14c120045e97c37d9ee5e","tags":["x_refsource_MISC"],"url":"https://github.com/tektoncd/pipeline/commit/b1fee65b88aa969069c14c120045e97c37d9ee5e"},{"name":"https://github.com/tektoncd/pipeline/commit/cdb4e1e97a4f3170f9bc2cbfff83a6c8107bc3db","tags":["x_refsource_MISC"],"url":"https://github.com/tektoncd/pipeline/commit/cdb4e1e97a4f3170f9bc2cbfff83a6c8107bc3db"},{"name":"https://github.com/tektoncd/pipeline/commit/ec7755031a183b345cf9e64bea0e0505c1b9cb78","tags":["x_refsource_MISC"],"url":"https://github.com/tektoncd/pipeline/commit/ec7755031a183b345cf9e64bea0e0505c1b9cb78"}],"affected":[{"vendor":"tektoncd","product":"pipeline","versions":[{"version":">= 1.0.0, < 1.0.1","status":"affected"},{"version":">= 1.1.0, < 1.3.3","status":"affected"},{"version":">= 1.4.0, < 1.6.1","status":"affected"},{"version":">= 1.7.0, < 1.9.2","status":"affected"},{"version":">= 1.10.0, < 1.10.2","status":"affected"}]}],"providerMetadata":{"orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M","dateUpdated":"2026-03-23T23:55:54.089Z"},"descriptions":[{"lang":"en","value":"Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2, the Tekton Pipelines git resolver is vulnerable to path traversal via the `pathInRepo` parameter. A tenant with permission to create `ResolutionRequests` (e.g. by creating `TaskRuns` or `PipelineRuns` that use the git resolver) can read arbitrary files from the resolver pod's filesystem, including ServiceAccount tokens. The file contents are returned base64-encoded in `resolutionrequest.status.data`. Versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2 contain a patch."}],"source":{"advisory":"GHSA-j5q5-j9gm-2w5c","discovery":"UNKNOWN"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-03-24T15:40:21.314239Z","id":"CVE-2026-33211","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-03-24T15:41:02.198Z"}},{"affected":[{"cpes":["cpe:/a:redhat:openshift_builds:1.6::el9"],"defaultStatus":"affected","product":"Red Hat OpenShift Builds 1.6.5","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_builds:1.7::el9"],"defaultStatus":"affected","product":"Red Hat OpenShift Builds 1.7.4","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_pipelines:1.21::el9"],"defaultStatus":"affected","product":"Red Hat OpenShift Pipelines 1.21","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_pipelines:1.20::el9"],"defaultStatus":"affected","product":"Red Hat OpenShift Pipelines 1.2","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:trusted_artifact_signer:1.3::el9"],"defaultStatus":"affected","product":"Red Hat Trusted Artifact Signer 1.3","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_pipelines:1"],"defaultStatus":"affected","product":"OpenShift Pipelines","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:serverless:1"],"defaultStatus":"affected","product":"OpenShift Serverless","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_builds:1"],"defaultStatus":"unaffected","product":"Builds for Red Hat OpenShift","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_ai"],"defaultStatus":"unaffected","product":"Red Hat OpenShift AI (RHOAI)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:container_native_virtualization:4"],"defaultStatus":"unaffected","product":"Red Hat OpenShift Virtualization 4","vendor":"Red Hat"}],"datePublic":"2026-03-23T23:55:54.089Z","descriptions":[{"lang":"en","value":"A flaw was found in Tekton Pipelines, specifically in the Tekton Pipelines git resolver. A tenant with permissions to create ResolutionRequests can exploit a path traversal vulnerability via the `pathInRepo` parameter. This allows the tenant to read arbitrary files from the resolver pod's filesystem, leading to information disclosure, including sensitive ServiceAccount tokens. The contents of these files are returned in a base64-encoded format."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Important"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":9.6,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-22","description":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","lang":"en","type":"CWE"}]}],"references":[{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2026-33211"},{"name":"RHBZ#2450554","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450554"},{"tags":["x_sadp-csaf-vex"],"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33211.json"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:10155"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:10158"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:6170"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:6166"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:24484"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:10066"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:21932"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:21931"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:10026"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:10125"}],"solutions":[{"lang":"en","value":"RHSA-2026:10155: Red Hat OpenShift Builds 1.6.5"},{"lang":"en","value":"RHSA-2026:10158: Red Hat OpenShift Builds 1.7.4"},{"lang":"en","value":"RHSA-2026:6170: Red Hat OpenShift Pipelines 1.21"},{"lang":"en","value":"RHSA-2026:6166: Red Hat OpenShift Pipelines 1.21"},{"lang":"en","value":"RHSA-2026:24484: Red Hat OpenShift Pipelines 1.21"},{"lang":"en","value":"RHSA-2026:10066: Red Hat OpenShift Pipelines 1.2"},{"lang":"en","value":"RHSA-2026:21932: Red Hat OpenShift Pipelines 1.2"},{"lang":"en","value":"RHSA-2026:21931: Red Hat OpenShift Pipelines 1.2"},{"lang":"en","value":"RHSA-2026:10026: Red Hat OpenShift Pipelines 1.2"},{"lang":"en","value":"RHSA-2026:10125: Red Hat Trusted Artifact Signer 1.3"}],"timeline":[{"lang":"en","time":"2026-03-24T00:02:20.093Z","value":"Reported to Red Hat."},{"lang":"en","time":"2026-03-23T23:55:54.089Z","value":"Made public."}],"title":"Tekton Pipelines: github.com/tektoncd/pipeline: Tekton Pipelines: Information disclosure via path traversal in git resolver","workarounds":[{"lang":"en","value":"To mitigate this vulnerability, restrict the creation of ResolutionRequests to trusted users and service accounts. Implement strict Role-Based Access Control (RBAC) policies to limit which tenants can create TaskRuns or PipelineRuns that utilize the Tekton Pipelines git resolver. This reduces the exposure by preventing unauthorized access to the resolver pod's filesystem."}],"x_adpType":"supplier","x_generator":{"engine":"sadp-cli 1.0.0"},"providerMetadata":{"orgId":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","shortName":"redhat-SADP","dateUpdated":"2026-07-09T12:10:03.720Z"}}]}}