Ratify Azure Authentication Token Leakage Vulnerability

Vulnerability

A vulnerability exists in Ratify versions through 1.2.2, 1.3.0, and 1.3.1 that allows Azure authentication tokens to be exchanged with non-Azure container registries. Ratify's Azure workload identity and managed identity authentication providers did not verify whether the target registry was an Azure Container Registry (ACR) before performing the token exchange. As a result, an Entra ID (EID) token could be presented to a non-ACR registry, which could then extract and misuse an EID token that carries ACR access, particularly when a user's workload referenced a malicious registry.

Impact

Exploitation of this vulnerability could result in unauthorized access to Azure Container Registry resources, allowing for the extraction and abuse of authentication tokens inappropriately exchanged with non-ACR registries.

Reproduction

In a Kubernetes environment, configure Ratify to use a private Azure Container Registry with the Azure workload identity or managed identity authentication provider. Before versions 1.2.3 and 1.3.2, these providers exchanged an Entra ID token for an ACR refresh token without verifying that the registry was an ACR. The EID token could therefore be presented to a non-ACR registry, creating a risk of token misuse if the workload referenced a malicious registry.

Remediation

Update Ratify to version 1.2.3 or 1.3.2, which include the validation needed to ensure that EID tokens are only exchanged with verified ACR registries.
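The defensive check the advisory describes, written here as an added illustration and not Ratify's own code: a registry reference is normalised (scheme, port, path, case) and matched against a whole ACR domain suffix before the EID token is allowed to leave the process. The suffix list and the placeholder exchange are assumptions for this example.

```go
package main

import (
	"errors"
	"net"
	"strings"
)

// ErrNotACR is returned when the caller asks to exchange an EID token with a
// registry that is not an Azure Container Registry.
var ErrNotACR = errors.New("refusing token exchange: registry is not an Azure Container Registry")

// acrSuffixes lists ACR login-server domain suffixes. Assumption: this set is
// illustrative (public and sovereign clouds), not Ratify's own list.
var acrSuffixes = []string{".azurecr.io", ".azurecr.cn", ".azurecr.us"}

// IsACRLoginServer reports whether a registry reference names an ACR endpoint.
// Matching is on a whole domain suffix after normalisation, so lookalikes such
// as "x.azurecr.io.evil.example" or "evilazurecr.io" are rejected.
func IsACRLoginServer(registry string) bool {
	host := registry
	if i := strings.Index(host, "://"); i >= 0 {
		host = host[i+3:] // drop scheme
	}
	if i := strings.IndexByte(host, '/'); i >= 0 {
		host = host[:i] // drop repository path
	}
	if h, _, err := net.SplitHostPort(host); err == nil {
		host = h // drop explicit port
	}
	host = strings.TrimSuffix(strings.ToLower(host), ".")
	for _, suffix := range acrSuffixes {
		if strings.HasSuffix(host, suffix) {
			return true
		}
	}
	return false
}

// ExchangeForACRRefreshToken gates the EID -> ACR refresh-token exchange behind
// the registry check. The network call is replaced by a constructed placeholder
// so the example runs offline.
func ExchangeForACRRefreshToken(registry, eidToken string) (string, error) {
	if !IsACRLoginServer(registry) {
		return "", ErrNotACR // the EID token is never sent anywhere
	}
	_ = eidToken // a real provider would POST this to the ACR oauth2 exchange endpoint
	return "placeholder-acr-refresh-token", nil
}
```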

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 7.0
remediation: 7.7
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.