Описание
RCE via ZipSlip and symbolic links in argoproj/argo-workflows
Summary
The patch deployed against CVE-2025-62156 is ineffective against malicious archives containing symbolic links.
Details
The untar code that handles symbolic links in archives is unsafe. Concretely, the computation of the link's target and the subsequent check are flawed: https://github.com/argoproj/argo-workflows/blob/5291e0b01f94ba864f96f795bb500f2cfc5ad799/workflow/executor/executor.go#L1034-L1037
PoC
- Create a malicious archive containing two files: a symbolik link with path "./work/foo" and target "/etc", and a normal text file with path "./work/foo/hostname".
- Deploy a workflow like the one in https://github.com/argoproj/argo-workflows/security/advisories/GHSA-p84v-gxvw-73pf with the malicious archive mounted at /work/tmp.
- Submit the workflow and wait for its execution.
- Connect to the corresponding pod and observe that the file "/etc/hostname" was altered by the untar operation performed on the malicious archive. The attacker can hence alter arbitrary files in this way.
Impact
The attacker can overwrite the file /var/run/argo/argoexec with a script of their choice, which will be executed at the pod's start.
Ссылки
- https://github.com/argoproj/argo-workflows/security/advisories/GHSA-xrqc-7xgx-c9vh
- https://nvd.nist.gov/vuln/detail/CVE-2025-66626
- https://github.com/argoproj/argo-workflows/commit/6b92af23f35aed4d4de8b04adcaf19d68f006de1
- https://github.com/advisories/GHSA-p84v-gxvw-73pf
- https://github.com/argoproj/argo-workflows/blob/5291e0b01f94ba864f96f795bb500f2cfc5ad799/workflow/executor/executor.go#L1034-L1037
Пакеты
github.com/argoproj/argo-workflows/v3
>= 3.7.0, < 3.7.5
3.7.5
github.com/argoproj/argo-workflows/v3
< 3.6.14
3.6.14
github.com/argoproj/argo-workflows
<= 2.5.3-rc4
Отсутствует
Связанные уязвимости
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions 3.6.13 and below and versions 3.7.0 through 3.7.4, contain unsafe untar code that handles symbolic links in archives. Concretely, the computation of a link's target and the subsequent check are flawed. An attacker can overwrite the file /var/run/argo/argoexec with a script of their choice, which would be executed at the pod's start. The patch deployed against CVE-2025-62156 is ineffective against malicious archives containing symbolic links. This issue is fixed in versions 3.6.14 and 3.7.5.