If you discover a security vulnerability in OKIT, please email: [email protected]
Please include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
Severity: HIGH
Description:
Fixed a path traversal vulnerability that allowed arbitrary file reads through symbolic links in cloned Git repositories.
Impact:
Attackers could read sensitive files including SSH keys, OCI credentials, and system files.
Fix:
- Added URL allowlist validation
- Implemented symlink detection and removal
- Moved Git storage outside web-accessible directories
- Added path traversal prevention
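The three code-level mitigations listed above (an allowlist check on the clone URL, stripping symlinks from the cloned tree, and refusing paths that resolve outside the storage root) as an added, self-contained example; this is illustrative code written for this page, not OKIT's own implementation, and the allowlist entry, directory names and symlink target are constructed:

```python
import os
import tempfile
from pathlib import Path
from urllib.parse import urlparse

# Constructed allowlist for this example; a real deployment lists its own trusted repos.
GIT_ALLOWLIST = {"https://github.com/example-org/okit-templates.git"}


def is_allowed_git_url(url, allowlist=GIT_ALLOWLIST):
    """Accept only HTTPS URLs that exactly match an allowlisted repository."""
    parsed = urlparse(url)
    return parsed.scheme == "https" and bool(parsed.netloc) and url in allowlist


def remove_symlinks(clone_dir):
    """Delete every symlink in a cloned repo; return their paths relative to clone_dir."""
    removed = []
    for root, dirs, files in os.walk(clone_dir):
        for name in dirs + files:
            full = os.path.join(root, name)
            if os.path.islink(full):
                removed.append(os.path.relpath(full, clone_dir))
                os.unlink(full)
        # Do not descend into entries that were just unlinked.
        dirs[:] = [d for d in dirs if os.path.isdir(os.path.join(root, d))]
    return sorted(removed)


def safe_join(base_dir, user_path):
    """Resolve user_path under base_dir; reject '..' traversal and symlink escapes."""
    base = Path(base_dir).resolve()
    target = (base / user_path).resolve()
    if target != base and base not in target.parents:
        raise ValueError(f"path escapes storage root: {user_path}")
    return target


def demo():
    """Constructed scenario: a clone containing a symlink that points outside it."""
    root = tempfile.mkdtemp()
    secret = os.path.join(root, "secret.txt")            # sits outside the clone
    clone = os.path.join(root, "git", "repo")
    os.makedirs(clone)
    Path(secret).write_text("not for the web")
    Path(clone, "template.json").write_text("{}")
    os.symlink(secret, os.path.join(clone, "leak.json"))  # would expose secret.txt
    removed = remove_symlinks(clone)
    try:
        safe_join(clone, "../../secret.txt")
        blocked = False
    except ValueError:
        blocked = True
    return {"removed": removed, "remaining": sorted(os.listdir(clone)),
            "traversal_blocked": blocked}
```

Running `demo()` shows the symlink removed before any file under the clone is served and the `..` path rejected; the storage root itself should additionally live outside the web-served tree, as the fix list notes.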
When deploying OKIT:
- Configure Git Allowlist: Only add trusted repositories to the allowlist
- Use HTTPS: Always use HTTPS URLs for Git repositories
- Access Control: Implement authentication for OKIT endpoints
- Network Isolation: Deploy behind a firewall or VPN
- Monitor Logs: Watch for security events
- Keep Updated: Update regularly to receive the latest security fixes
| Version | Supported |
|---|---|
| 0.68.x | ✅ |
| 0.67.x | ❌ (vulnerable) |
| < 0.67 | ❌ |