kaniko has tar archive path traversal in build context extraction allows writing files outside destination directory

kaniko is a tool to build container images from a Dockerfile, inside a container or Kubernetes cluster. Starting in version 1.25.4 and prior to version 1.25.10, kaniko unpacks build context archives using `filepath.Join(dest, cleanedName)` without enforcing that the final path stays within `dest`. A tar entry like `../outside.txt` escapes the extraction root and writes files outside the destination directory. In environments with registry authentication, this can be chained with docker credential helpers to achieve code execution within the executor process. Version 1.25.10 uses securejoin for path resolution in tar extraction.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

对路径名的限制不恰当(路径遍历)

kaniko 路径遍历漏洞

kaniko是Chainguard Forks开源的一个在Kubernetes中构建容器映像的工具。 kaniko 1.25.10之前版本存在路径遍历漏洞，该漏洞源于解压构建上下文归档时未确保最终路径在目标目录内，可能导致路径遍历和任意文件写入，进而结合凭证助手实现代码执行。

N/A

N/A