Description
Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. Prior to 2.14.2, a security vulnerability has been identified in the Harden-Runner GitHub Action (Community Tier) that allows outbound network connections to evade audit logging. Specifically, outbound traffic using the sendto, sendmsg, and sendmmsg socket system calls can bypass detection and logging when using egress-policy: audit. This vulnerability is fixed in 2.14.2.
A flaw was found in Harden-Runner, a CI/CD security agent. This vulnerability allows outbound network connections to evade audit logging. A remote attacker could exploit this by using specific socket system calls (sendto, sendmsg, and sendmmsg) to bypass detection and logging when egress-policy: audit is enabled. This could lead to unauthorized information disclosure or a bypass of security monitoring.
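To see why hooking only connect() leaves an audit gap, the added example below (not Harden-Runner's code or log format) runs a connect-only destination extractor and a full-coverage one over constructed strace-style syscall lines and reports the destinations the narrower audit never records; the syscall names, addresses and line format are constructed assumptions.

```python
"""Added example: coverage check for an egress audit keyed on socket syscalls.

The syscall lines below are constructed in strace -e trace=network style with
placeholder (documentation-range) addresses; they are not Harden-Runner output.
"""
import re

# A logger that hooks only connect() ("before" coverage) never sees the three
# datagram send paths; full coverage hooks all four.
CONNECT_ONLY = {"connect"}
FULL_COVERAGE = {"connect", "sendto", "sendmsg", "sendmmsg"}

SAMPLE_EVENTS = [  # constructed sample telemetry
    'connect(3, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("198.51.100.10")}, 16) = 0',
    'sendto(4, "...", 42, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("198.51.100.53")}, 16) = 42',
    'sendmsg(5, {msg_name={sa_family=AF_INET, sin_port=htons(8080), sin_addr=inet_addr("203.0.113.7")}, ...}, 0) = 120',
    'sendmmsg(6, [{msg_hdr={msg_name={sa_family=AF_INET, sin_port=htons(9000), sin_addr=inet_addr("203.0.113.9")}, ...}}], 1, 0) = 1',
    # Connected datagram socket: the address is NULL here, so destination
    # attribution must come from an earlier connect() on the same fd.
    'sendto(4, "...", 10, 0, NULL, 0) = 10',
    'read(0, "...", 4096) = 12',  # not a network call; ignored
]

SYSCALL_RE = re.compile(r"^(?P<name>\w+)\(")
ADDR_RE = re.compile(
    r'sin_port=htons\((?P<port>\d+)\), sin_addr=inet_addr\("(?P<ip>[\d.]+)"\)'
)


def egress_destinations(events, audited_syscalls):
    """Return the (ip, port) pairs an audit records, given the syscalls it hooks."""
    seen = []
    for line in events:
        m = SYSCALL_RE.match(line)
        if not m or m.group("name") not in audited_syscalls:
            continue  # unhooked syscall: invisible to this audit
        addr = ADDR_RE.search(line)
        if addr:
            seen.append((addr.group("ip"), int(addr.group("port"))))
    return seen


def audit_gap(events):
    """Destinations reached via datagram sends that a connect()-only audit misses."""
    full = set(egress_destinations(events, FULL_COVERAGE))
    narrow = set(egress_destinations(events, CONNECT_ONLY))
    return sorted(full - narrow)
```

The NULL-address sendto line is the caveat: even with all four syscalls hooked, per-socket state from the earlier connect() is needed to attribute that traffic to a destination.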
Statement
This vulnerability is rated as Moderate, in part due to the following necessary preconditions for exploitation to be possible:
- Harden-Runner must be in audit mode.
- The attacker must already have code execution capabilities within the GitHub Actions workflow.
Note: When using egress-policy: block, these connections are properly blocked.
Mitigation
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
Affected Packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| External Secrets Operator for Red Hat OpenShift | external-secrets-operator/bitwarden-sdk-server-rhel9 | Fix deferred | ||
| External Secrets Operator for Red Hat OpenShift | external-secrets-operator/external-secrets-operator-bundle | Fix deferred | ||
| External Secrets Operator for Red Hat OpenShift | external-secrets-operator/external-secrets-operator-rhel9 | Fix deferred | ||
| External Secrets Operator for Red Hat OpenShift | external-secrets-operator/external-secrets-rhel9 | Fix deferred | ||
| Gatekeeper 3 | gatekeeper/gatekeeper-rhel9 | Fix deferred | ||
| Multicluster Engine for Kubernetes | multicluster-engine/addon-manager-rhel9 | Fix deferred | ||
| Multicluster Engine for Kubernetes | multicluster-engine/placement-rhel9 | Fix deferred | ||
| Multicluster Engine for Kubernetes | multicluster-engine/registration-operator-rhel9 | Fix deferred | ||
| Multicluster Engine for Kubernetes | multicluster-engine/registration-rhel9 | Fix deferred | ||
| Multicluster Engine for Kubernetes | multicluster-engine/work-rhel9 | Fix deferred | ||
Additional information
Status:
CVSS3 score: 4.3 Medium
Related vulnerabilities
Harden-Runner: Bypassing Logging of Outbound Connections Using sendto, sendmsg, and sendmmsg in Harden-Runner (Community Tier)