Tekton Pipelines' git resolver in API mode improperly sends the system-configured Git API token to a server URL controlled by the user when the token parameter is omitted. This allows a tenant with create permissions on TaskRun or PipelineRun to exfiltrate shared Git API tokens such as GitHub PATs or GitLab tokens by directing the serverURL to an attacker-controlled endpoint. The vulnerability affects versions from 1.0.0 up to but not including 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1. These versions include the fixes that address this issue. The CVSS 3.1 score is 7.7, indicating high severity with network attack vector, low attack complexity, and requiring privileges but no user interaction. The impact is confidentiality loss of sensitive tokens but no integrity or availability impact.

An attacker with TaskRun or PipelineRun create permissions can exfiltrate sensitive Git API tokens (such as GitHub PATs or GitLab tokens) by exploiting this vulnerability. This leads to a confidentiality breach of credentials that could be used to access Git repositories or related resources. There is no direct impact on integrity or availability reported. No known exploits in the wild have been documented.

Fixed versions of Tekton Pipelines are available starting from 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1. Users should upgrade to one of these versions to remediate the vulnerability. Patch status is not explicitly stated in the vendor advisory content provided, but the presence of fixed versions indicates an official fix is available. Until upgraded, restrict TaskRun and PipelineRun create permissions to trusted users only to reduce risk.