Kargo Server-Side Request Forgery Vulnerability Allowing Access to Cloud Metadata
Vulnerability
A server-side request forgery (SSRF) vulnerability has been identified in Kargo versions 1.4.0 through 1.6.3, 1.7.0-rc.1 through 1.7.8, 1.8.0-rc.1 through 1.8.11, and 1.9.0-rc.1 through 1.9.4. The vulnerability exists in the 'http' and 'http-download' promotion steps, which allow requests to link-local addresses, including the cloud instance metadata endpoint at 169.254.169.254. This access can lead to the unauthorized exfiltration of sensitive data, such as IAM credentials. The vulnerability arises because these promotion steps do not restrict destination addresses, so a promotion can direct the controller at internal endpoints that expose sensitive metadata.
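The missing control is a destination check on the step's URL. The following Go validator is an added example, not Kargo's code or its fix: it rejects link-local and loopback destinations (including 169.254.169.254) and checks every address a hostname resolves to, so that alternative IP spellings are judged by what they resolve to. The blocked ranges and the `lookup` callback are assumptions.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
)

// Ranges a promotion step must not reach: link-local (169.254.0.0/16 holds the
// metadata endpoint; fe80::/10 for IPv6) plus loopback. Assumed defaults only.
var blockedCIDRs = []string{"169.254.0.0/16", "fe80::/10", "127.0.0.0/8", "::1/128"}

// isBlocked reports whether ip lies in a blocked range (Contains unwraps IPv4-mapped IPv6).
func isBlocked(ip net.IP) bool {
	for _, c := range blockedCIDRs {
		if _, n, err := net.ParseCIDR(c); err == nil && n.Contains(ip) {
			return true
		}
	}
	return false
}

// ValidateDestination parses a step URL, resolves its host through lookup and
// rejects it if any resolved address is blocked, so octal/decimal IP spellings
// are judged by what they resolve to. DNS rebinding still needs a check at dial time.
func ValidateDestination(raw string, lookup func(string) ([]net.IP, error)) error {
	u, err := url.Parse(raw)
	if err != nil {
		return err
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return fmt.Errorf("scheme %q not allowed", u.Scheme)
	}
	host := u.Hostname()
	if host == "" {
		return fmt.Errorf("missing host in %q", raw)
	}
	ips := []net.IP{net.ParseIP(host)}
	if ips[0] == nil {
		if ips, err = lookup(host); err != nil {
			return err
		}
	}
	for _, ip := range ips {
		if isBlocked(ip) {
			return fmt.Errorf("%s resolves to blocked address %s", host, ip)
		}
	}
	return nil
}
```

In a real controller the same check belongs in the HTTP client's dialer as well, so that the address actually connected to is the one that was validated.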
Impact
Exploitation of this vulnerability allows authenticated users with the right permissions to create or update promotion resources to access link-local addresses from within the Kargo controller. This includes the cloud instance metadata endpoint, which can be queried for sensitive information like IAM credentials. The 'http' promotion step can bypass standard cloud provider SSRF mitigations by allowing full control over request headers and methods, while the 'http-download' step, although more limited, can still be used to extract metadata information.
Reproduction
To reproduce this vulnerability, an authenticated user with permissions to create or update Kargo Stages can include malicious 'http' or 'http-download' steps in a Promotion manifest. Alternatively, a user with 'promote' permission can craft a Promotion resource that exploits this vulnerability. Once the Promotion is executed, the Kargo controller will reach out to the link-local address, allowing for metadata exfiltration.
Remediation
This vulnerability has been addressed in Kargo versions 1.6.4, 1.7.9, 1.8.12, and 1.9.5. Users should update to one of these versions.