Temporal Server
cpe:2.3:a:temporal:temporal:*:*:*:*:*:*:*
- >= 1.29.0, < 1.29.5
A vulnerability exists in Temporal Server versions from 1.29.0 up to, but not including, 1.29.5, and in Temporal Cloud when namespaces are on the same cell. It allows a user with the writer role in an attacker-controlled namespace to manipulate workflows or activities in a victim namespace on the same cluster. Exploitation requires knowing or guessing specific workflow IDs and, for signal operations, signal names. The issue arises from a bug that let attackers control namespace name values in batch activities, bypassing proper validation and enabling unauthorized access to privileged credentials across namespaces. Exploitation is possible when internal components have cross-namespace authorization, such as with the internal-frontend service or equivalent TLS-based authorization for internal identities.
Exploitation allows for unauthorized manipulation of workflows and activities across namespaces, leveraging privileged credentials to perform actions on behalf of the victim namespace.
Users can upgrade to Temporal Server version 1.29.5 or 1.30.3 to address this vulnerability.