
Github.Com Tektoncd Pipeline vulnerabilities

8 known vulnerabilities affecting github.com/tektoncd_pipeline.

Total CVEs: 8
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 2, MEDIUM 4, LOW 1

Vulnerabilities

CVE-2026-33211 | P2 | CRITICAL | Affected: ≥ 1.0.0, < 1.0.1; ≥ 1.1.0, < 1.3.3; +3 more | 2026-03-18
CVE-2026-33211 [CRITICAL] CWE-22: Path traversal in Tekton Pipelines git resolver allows reading arbitrary files from the resolver pod. Summary: The Tekton Pipelines git resolver is vulnerable to path traversal via the `pathInRepo` parameter. A tenant with permission to create `ResolutionRequests` (e.g. by creating `TaskRuns` or `PipelineRuns` that use the git resolver) can read arbitrary file
CVE-2026-40938 | P2 | HIGH | Affected: ≥ 1.0.0, < 1.11.1 | 2026-04-21
CVE-2026-40938 [HIGH] CWE-88: Tekton Pipeline: Git Resolver Unsanitized Revision Parameter Enables git Argument Injection Leading to RCE. Summary: The git resolver's `revision` parameter is passed directly as a positional argument to `git fetch` without any validation that it does not begin with a `-` character. Because git parses flags from mixed positional arguments, an attacker can inj
CVE-2026-40161 | P3 | HIGH | Affected: ≥ 1.0.0, ≤ 1.10.0 | 2026-04-21
CVE-2026-40161 [HIGH] CWE-201: Tekton Pipelines: Git resolver API mode leaks system-configured API token to user-controlled serverURL. Summary: The Tekton Pipelines git resolver in API mode sends the system-configured Git API token to a user-controlled `serverURL` when the user omits the `token` parameter. A tenant with TaskRun or PipelineRun create permission can exfiltrate the shared API t
CVE-2026-25542 | P3 | MEDIUM | Affected: ≥ 0.43.0, < 1.11.0 | 2026-04-21
CVE-2026-25542 [MEDIUM] CWE-185: Tekton Pipelines has VerificationPolicy regex pattern bypass via substring matching. Summary: The Trusted Resources verification system matches a resource source string (`refSource.URI`) against `spec.resources[].pattern` using Go's `regexp.MatchString`. In Go, `regexp.MatchString` reports a match if the pattern matches **anywhere** in the input string. As a result, common unanc
CVE-2026-40924 | P3 | MEDIUM | Affected: ≥ 0, < 1.11.1 | 2026-04-21
CVE-2026-40924 [MEDIUM] CWE-400: Tekton Pipelines: HTTP Resolver Unbounded Response Body Read Enables Denial of Service via Memory Exhaustion. Summary: The HTTP resolver's `FetchHttpResource` function calls `io.ReadAll(resp.Body)` with no response body size limit. Any tenant with permission to create TaskRuns or PipelineRuns that reference the HTTP resolver can point it at an attacker-c
CVE-2026-33022 | P3 | MEDIUM | Affected: ≥ 0.60.0, < 1.0.1; ≥ 1.1.0, < 1.3.3; +3 more | 2026-03-17
CVE-2026-33022 [MEDIUM] CWE-129: Tekton Pipelines controller panic via long resolver name in TaskRun/PipelineRun. Summary: A user with permission to create or update a TaskRun or PipelineRun can crash the Tekton Pipelines controller by setting `.spec.taskRef.resolver` (or `.spec.pipelineRef.resolver`) to a string of 31 characters or more, causing a denial of service for all reconciliation. Details: The contro
CVE-2026-40923 | P4 | MEDIUM | Affected: ≥ 0, < 1.11.1 | 2026-04-21
CVE-2026-40923 [MEDIUM] CWE-22: Tekton Pipelines: VolumeMount path restriction bypass via missing filepath.Clean in /tekton/ check. Summary: A validation bypass in the VolumeMount path restriction allows mounting volumes under restricted `/tekton/` internal paths by using `..` path traversal components. The restriction check uses `strings.HasPrefix` without `filepath.Clean`, so a path like `/tekt
CVE-2023-37264 | P4 | LOW | Affected: ≥ 0.35.0, ≤ 0.52.0 | 2023-07-07
CVE-2023-37264 [LOW] CWE-345: Pipelines do not validate child UIDs. Summary: Pipelines do not validate child UIDs, which means that a user that has access to create TaskRuns can create their own Tasks that the Pipelines controller will accept as the child Task. We should add UID to PipelineRun status and validate that child Run status/results only come from Runs matching the same UID. Details: While we [store and validate the PipelineRun's (api version