Server-side template injection in github.com/cri-o/cri-o
Description
CRI-O vulnerable to an arbitrary systemd property injection
Impact
On CRI-O, it looks like an arbitrary systemd property can be injected via a Pod annotation:
```yaml
---
apiVersion: v1
kind: Pod
metadata:
  name: poc-arbitrary-systemd-property-injection
  annotations:
    # I believe that ExecStart with an arbitrary command works here too,
    # but I haven't figured out how to marshalize the ExecStart struct to gvariant string....
```
This means that any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system.
Tested with CRI-O v1.24 on minikube. I didn't test the latest v1.29 because it is incompatible with minikube: https://github.com/kubernetes/minikube/pull/18367
Thanks to Cédric Clerget (GitHub ID @cclerget) for finding out that CRI-O just passes pod annotations to OCI annotations: https://github.com/opencontainers/runc/pull/3923#discussion_r1532292536
CRI-O has to filter out annotations that have the prefix "org.systemd.property."
See also:
Workarounds
Unfortunately, the only workarounds would involve an external mutating webhook to disallow these annotations.
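The two controls described above, the runtime-side filter for the `org.systemd.property.` prefix and the admission-time rejection of pods that carry such annotations, as an added Go example that is not CRI-O's own code; `SplitSystemdProperties`, `AdmitPod` and the minimal `podMetadata` struct are assumptions for illustration, not the CRI-O or Kubernetes API.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// runc's systemd cgroup driver turns annotations with this prefix into properties of
// the container's transient unit; CRI-O copied pod annotations into the OCI spec unfiltered.
const systemdPropertyPrefix = "org.systemd.property."

// SplitSystemdProperties is the runtime-side fix: it returns the annotations safe to copy
// into the OCI spec and, sorted for stable logging, the org.systemd.property.* keys dropped.
func SplitSystemdProperties(annotations map[string]string) (map[string]string, []string) {
	clean := make(map[string]string, len(annotations))
	var dropped []string
	for k, v := range annotations {
		if strings.HasPrefix(k, systemdPropertyPrefix) {
			dropped = append(dropped, k)
		} else {
			clean[k] = v
		}
	}
	sort.Strings(dropped)
	return clean, dropped
}

// podMetadata is the only part of a Pod object the admission check reads
// (a minimal local struct, not the Kubernetes API types).
type podMetadata struct {
	Metadata struct {
		Name        string            `json:"name"`
		Annotations map[string]string `json:"annotations"`
	} `json:"metadata"`
}

// AdmitPod is the cluster-side workaround: a validating admission decision that
// rejects any Pod carrying such annotations, with a reason for the audit log.
func AdmitPod(podJSON []byte) (allowed bool, reason string) {
	var pod podMetadata
	if err := json.Unmarshal(podJSON, &pod); err != nil {
		return false, "malformed pod object: " + err.Error()
	}
	if _, bad := SplitSystemdProperties(pod.Metadata.Annotations); len(bad) > 0 {
		return false, fmt.Sprintf("pod %q sets systemd unit properties via annotations: %s", pod.Metadata.Name, strings.Join(bad, ", "))
	}
	return true, ""
}
```

A malformed object is rejected rather than allowed by default, so a webhook built on `AdmitPod` fails closed.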
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
| Ecosystem | Package | Affected versions | Patched versions |
|---|---|---|---|
| go | github.com/cri-o/cri-o | - | 1.29.4, 1.28.6, 1.27.6 |
Aliases
References