Portainer Community Edition Arbitrary File Read Vulnerability via Git Symlink Injection

Vulnerability

A vulnerability in Portainer Community Edition versions 2.33.0 prior to 2.33.8, 2.39.0 prior to 2.39.2, and 2.40.0 prior to 2.41.0 allows arbitrary file read through Git symlink injection. When a stack is deployed from a Git repository, Portainer clones the repository and translates Git symlink entries into real operating system symlinks on the host filesystem. This checkout, performed by 'go-git' v5, validates only '.gitmodules'; any other path, including 'docker-compose.yml', can be created as a symlink. Portainer's API then reads the stack entry point through such a symlink, which exposes any file readable by the Portainer process, and that process typically runs as root. Any authenticated user permitted to manage Git-backed stacks can trigger the flaw, and that permission is the default in Portainer CE.

Impact

Exploitation of this vulnerability gives unauthorized read access to files with the privileges of the Portainer process, commonly root. Affected files can include '/etc/shadow', Kubernetes service account tokens, Docker secrets, and the Portainer database, which holds user credentials and API tokens. Because Portainer's stack auto-update feature re-clones the repository on a schedule, the vulnerability can also be exploited in a deferred manner.

Remediation

Users should upgrade to Portainer version 2.33.8, 2.39.2, or 2.41.0. Those unable to upgrade immediately are advised to restrict the ability to create Git-backed stacks, avoid untrusted repositories, disable auto-update on existing stacks, and audit current stack working directories for unexpected symlink entries.
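As an added example, not Portainer's or go-git's own code, the Go program below implements the audit the remediation advises and the entry-point check the affected versions lacked: it walks a stack working directory, reports every symlink whose resolved target lies outside that directory, and refuses to use an entry point such as docker-compose.yml that resolves outside it. The directory layout it builds under the system temp directory is constructed for the demonstration, and the names BuildDemoFixture, AuditStackDir, SafeEntryPoint and insideRoot are chosen here rather than taken from any Portainer API.

```go
package main

import (
	"errors"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"strings"
)

// Finding is one symlink in a stack working directory whose target does not stay inside it.
type Finding struct {
	Link   string // symlink path relative to the stack root
	Target string // resolved target, or the raw link text if the link dangles
}

// ErrEscapesRoot is returned when an entry point resolves outside the stack root.
var ErrEscapesRoot = errors.New("entry point resolves outside the stack directory")

// insideRoot reports whether p (absolute, symlinks resolved) is root or lies below it.
func insideRoot(root, p string) bool {
	rel, err := filepath.Rel(root, p)
	if err != nil {
		return false
	}
	return rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// resolvedRoot makes the stack path absolute and symlink-free so targets compare fairly.
func resolvedRoot(root string) (string, error) {
	abs, err := filepath.Abs(root)
	if err != nil {
		return "", err
	}
	return filepath.EvalSymlinks(abs)
}

// AuditStackDir walks a cloned stack directory and returns every symlink that
// resolves outside it. WalkDir does not follow symlinks, so nothing is read
// through them; dangling links are reported as well, since a later commit can re-point them.
func AuditStackDir(root string) ([]Finding, error) {
	absRoot, err := resolvedRoot(root)
	if err != nil {
		return nil, err
	}
	var findings []Finding
	walkErr := filepath.WalkDir(absRoot, func(p string, d fs.DirEntry, err error) error {
		if err != nil {
			return err
		}
		if d.Type()&fs.ModeSymlink == 0 {
			return nil // regular files and directories need no check
		}
		target, err := filepath.EvalSymlinks(p)
		if err != nil { // dangling link: keep the raw link text for the report
			target, _ = os.Readlink(p)
			target += " (dangling)"
		} else if insideRoot(absRoot, target) {
			return nil // internal symlink, harmless
		}
		rel, _ := filepath.Rel(absRoot, p)
		findings = append(findings, Finding{Link: rel, Target: target})
		return nil
	})
	return findings, walkErr
}

// SafeEntryPoint resolves the compose entry point and refuses it unless the
// file it ultimately points at is inside the stack root. Lexical traversal
// ("../x") is caught by the same comparison after EvalSymlinks.
func SafeEntryPoint(root, entry string) (string, error) {
	absRoot, err := resolvedRoot(root)
	if err != nil {
		return "", err
	}
	resolved, err := filepath.EvalSymlinks(filepath.Join(absRoot, entry))
	if err != nil {
		return "", err
	}
	if !insideRoot(absRoot, resolved) {
		return "", ErrEscapesRoot
	}
	return resolved, nil
}

// BuildDemoFixture creates a constructed layout in a temp directory:
// <base>/outside.txt (stands in for a host file), <base>/stack/README.md,
// <base>/stack/docker-compose.yml -> ../outside.txt (escaping link) and
// <base>/stack/compose.link -> README.md (internal link). Returns the stack root;
// the caller removes filepath.Dir(root) when done.
func BuildDemoFixture() (string, error) {
	base, err := os.MkdirTemp("", "stack-audit-demo-")
	if err != nil {
		return "", err
	}
	root := filepath.Join(base, "stack")
	steps := []func() error{
		func() error { return os.Mkdir(root, 0o755) },
		func() error { return os.WriteFile(filepath.Join(base, "outside.txt"), []byte("constructed host file\n"), 0o644) },
		func() error { return os.WriteFile(filepath.Join(root, "README.md"), []byte("demo stack\n"), 0o644) },
		func() error { return os.Symlink("../outside.txt", filepath.Join(root, "docker-compose.yml")) },
		func() error { return os.Symlink("README.md", filepath.Join(root, "compose.link")) },
	}
	for _, step := range steps {
		if err := step(); err != nil {
			return "", err
		}
	}
	return root, nil
}

func main() {
	root, err := BuildDemoFixture()
	if err != nil {
		fmt.Println("fixture:", err)
		return
	}
	defer os.RemoveAll(filepath.Dir(root))
	findings, err := AuditStackDir(root)
	if err != nil {
		fmt.Println("audit:", err)
		return
	}
	for _, f := range findings {
		fmt.Printf("escaping symlink: %s -> %s\n", f.Link, f.Target)
	}
	if _, err := SafeEntryPoint(root, "docker-compose.yml"); err != nil {
		fmt.Println("entry point rejected:", err)
	}
}
```

Run against a real stack working directory, AuditStackDir lists the links an operator should investigate; SafeEntryPoint is the shape of check a consumer of go-git checkouts needs before opening the entry point, since comparing the lexical path alone would pass a symlink that points anywhere.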

Added: May 28, 2026, 10:30 PM
Updated: May 28, 2026, 10:30 PM

Vulnerability Rating

Custom Algorithm
spread: 6.2
impact: 0.8
exploitability: 5.2
remediation: 8.3
relevance: 9.2
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.