Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Do a command injection via vault template #814

Closed
Tracked by #37
commjoen opened this issue May 8, 2023 · 3 comments · Fixed by #1189
Closed
Tracked by #37

Do a command injection via vault template #814

commjoen opened this issue May 8, 2023 · 3 comments · Fixed by #1189
Assignees
@nwolniak
Labels
help wanted Extra attention is needed New Challenge Adding a new Challenge

Comments

@commjoen
Copy link
Collaborator

commjoen commented May 8, 2023
edited
Loading

Have a script that has a secret echoed in ****** after the vault injection, which with template injection can be uncovered.
@commjoen commjoen mentioned this issue May 8, 2023
Open
41 tasks
@commjoen commjoen added the New Challenge Adding a new Challenge label May 8, 2023
@commjoen commjoen added the help wanted Extra attention is needed label Aug 18, 2023
@nwolniak
Copy link
Contributor

@commjoen Hi, I would like to work on this challenge, can you assign it to me?

@nwolniak
Copy link
Contributor

@commjoen Is it good to echo the secret at the Vault path secret/secret-challenge vaultpassword after creating it in k8s-vault-minkube-start.sh script at line 82 as the first part of this issue?

@commjoen
Copy link
Collaborator Author

@nwolniak the sidecar which can get a secret using a vault template should echo it (as in the secret should be "echo 'random secret'" so that you can read it from the logging of the sidecar. https://developer.hashicorp.com/vault/docs/platform/k8s/injector

@nwolniak nwolniak mentioned this issue Jan 15, 2024
Merged
9 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@nwolniak nwolniak

Labels
help wanted Extra attention is needed New Challenge Adding a new Challenge
Projects
Kanban board
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

New Challenge - Vault Template Injection nwolniak/wrongsecrets
2 participants
@commjoen @nwolniak