Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Aqua Security Trivy Supply Chain Compromise Vulnerability

Vulnerability

A supply chain vulnerability has been identified in Aqua Security's Trivy tool, specifically in version 0.69.4 of the Trivy binary and container image, as well as in the 'aquasecurity/trivy-action' and 'aquasecurity/setup-trivy' GitHub Actions. The vulnerability was introduced when a threat actor used compromised credentials to publish a malicious Trivy release and to re-point legitimate version tags of the GitHub Actions at malicious commits containing credential-stealing malware. The attack exploited a window of opportunity during a credential rotation process, allowing the attacker to retain access and carry out the malicious actions. As a result, secrets from affected pipelines may have been exfiltrated and uploaded to a repository on the victim's GitHub account.

Impact

Exploitation of this vulnerability allowed credential-stealing malware to be injected into workflows using the Trivy GitHub Actions, where it could exfiltrate secrets from the GitHub Actions runner environment. Additionally, the malicious Trivy Docker images could be pulled and executed, leading to the same credential theft.

Reproduction

The vulnerability can be reproduced by pulling the malicious Trivy Docker images (v0.69.4, v0.69.5, or v0.69.6) from Docker Hub or mirror.gcr.io, and by using the compromised 'aquasecurity/trivy-action' or 'aquasecurity/setup-trivy' GitHub Actions in a workflow. The malicious Trivy v0.69.4 release can also be downloaded from the GitHub Releases page, and the v0.69.4 Debian package can be installed from the Aqua Security APT repository.

Remediation

Users should immediately update to the safe versions of Trivy (v0.69.2 or v0.69.3), 'trivy-action' (v0.35.0), and 'setup-trivy' (v0.2.6). If a compromised version of Trivy was used, all pipeline secrets should be treated as exposed and rotated. Organizations should also review their GitHub Actions workflows for signs of compromise and pin GitHub Actions to full commit SHA references rather than mutable tags.
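As an added example (not part of this advisory or of the Trivy project), the following Python script audits a workflow file for the two remediation points above: third-party actions not pinned to a full commit SHA, reported most severely for the two affected actions, and container images carrying one of the compromised Trivy tags. The sample workflow, the registry path and the 40-hex SHA in it are constructed placeholders.

```python
import re
from dataclasses import dataclass

# Actions named in the advisory. The attacker re-pointed their version tags, so
# any ref to them other than a full commit SHA is reported as untrustworthy.
AFFECTED_ACTIONS = {"aquasecurity/trivy-action", "aquasecurity/setup-trivy"}
# Tags of the malicious Trivy container images listed in the advisory.
COMPROMISED_IMAGE_TAGS = {"0.69.4", "0.69.5", "0.69.6"}

USES_RE = re.compile(r"^[ \t]*-?[ \t]*uses:[ \t]*([\w.-]+/[\w.-]+)(?:/[\w./-]+)?@(\S+)", re.M)
IMAGE_RE = re.compile(r"^[ \t]*image:[ \t]*(\S*?trivy):v?([\w.-]+)", re.M)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

@dataclass(frozen=True)
class Finding:
    line: int     # 1-based line in the workflow file
    kind: str     # "unpinned", "affected-unpinned" or "compromised-image"
    detail: str

def audit_workflow(text: str) -> list[Finding]:
    # Mutable action refs (worst for the two affected actions) and container
    # images carrying one of the compromised Trivy tags, sorted by line.
    findings = []
    for m in USES_RE.finditer(text):
        action, ref = m.group(1), m.group(2)
        if FULL_SHA_RE.match(ref):
            continue  # pinned to an immutable commit: nothing to report
        kind = "affected-unpinned" if action in AFFECTED_ACTIONS else "unpinned"
        findings.append(Finding(text.count("\n", 0, m.start()) + 1, kind, f"{action}@{ref}"))
    for m in IMAGE_RE.finditer(text):
        if m.group(2) in COMPROMISED_IMAGE_TAGS:
            findings.append(Finding(text.count("\n", 0, m.start()) + 1, "compromised-image",
                                    f"{m.group(1)}:{m.group(2)}"))
    return sorted(findings, key=lambda f: f.line)

# Constructed sample workflow: the registry path and the 40-hex SHA are placeholders.
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    container:
      image: registry.example/placeholder/trivy:0.69.4
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - uses: aquasecurity/setup-trivy@v0.2.5
      - uses: aquasecurity/trivy-action@0.33.0
      - uses: some-org/lint-action@main
"""
```

Running `audit_workflow(SAMPLE_WORKFLOW)` reports the compromised image on line 7, the two affected actions on lines 10 and 11, and the mutable `@main` ref on line 12; the SHA-pinned checkout step is not reported.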

Added: Mar 23, 2026, 10:58 PM
Updated: Mar 26, 2026, 5:56 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 6.1
remediation: 0.0
relevance: 4.6
threat: 8.5
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.