Summary
Trivy's plugin manager does not fully validate metadata from a plugin's manifest before using it to construct filesystem paths under the plugin root (~/.trivy/plugins). A crafted plugin can cause Trivy to write its files (the manifest and the downloaded plugin binary) outside the plugin root, to an arbitrary location writable by the user running Trivy.
Plugins are third-party binaries that Trivy downloads and executes, so Trivy's documentation already advises installing only plugins you trust. This issue does not change that trust boundary: exploitation requires the user to install a malicious plugin in the first place.
Affected configurations
The vulnerability is triggered only when a user installs an attacker-controlled plugin, for example via trivy plugin install <SOURCE> or trivy plugin run <SOURCE>. An attacker has to trick a user into installing a plugin they crafted, for instance by publishing it or by getting a malicious source pasted into a command or documentation snippet.
Plugins distributed through the official Trivy plugin index are not affected.
Impact
A user who installs a malicious plugin can have files written outside the plugin root, to any location writable by the user running Trivy. The vulnerability does not grant any privileges beyond what that user already has.
Patches
Fixed in Trivy 0.72.0. Users should upgrade to that release or later.
Workarounds
Only install Trivy plugins from sources you trust. Plugins from the official Trivy plugin index are safe. See the plugin documentation for details.
Credits
Reported by @fatihhcelik.
Summary
Trivy's plugin manager does not fully validate metadata from a plugin's manifest before using it to construct filesystem paths under the plugin root (
~/.trivy/plugins). A crafted plugin can cause Trivy to write its files (the manifest and the downloaded plugin binary) outside the plugin root, to an arbitrary location writable by the user running Trivy.Plugins are third-party binaries that Trivy downloads and executes, so Trivy's documentation already advises installing only plugins you trust. This issue does not change that trust boundary: exploitation requires the user to install a malicious plugin in the first place.
Affected configurations
The vulnerability is triggered only when a user installs an attacker-controlled plugin, for example via
trivy plugin install <SOURCE>ortrivy plugin run <SOURCE>. An attacker has to trick a user into installing a plugin they crafted, for instance by publishing it or by getting a malicious source pasted into a command or documentation snippet.Plugins distributed through the official Trivy plugin index are not affected.
Impact
A user who installs a malicious plugin can have files written outside the plugin root, to any location writable by the user running Trivy. The vulnerability does not grant any privileges beyond what that user already has.
Patches
Fixed in Trivy
0.72.0. Users should upgrade to that release or later.Workarounds
Only install Trivy plugins from sources you trust. Plugins from the official Trivy plugin index are safe. See the plugin documentation for details.
Credits
Reported by @fatihhcelik.