GHSA-WCMJ-X466-56MM

Vulnerability from github – Published: 2026-06-23 22:23 – Updated: 2026-06-23 22:23
VLAI
Summary
OpenTofu: Provider cache installation follows root-module-controlled package directory symlink and writes outside the working tree
Details

Summary

If a symlink already exists under the .terraform/providers directory where a provider package needs to be installed, tofu init would follow that symlink and install the new package content into it.

If an attacker can coerce an operator into running tofu init in a directory whose contents are attacker-controlled, they can include such a symlink along with instruction to install an attacker-controlled provider package at the path of that symlink, which would then cause OpenTofu to write the contents of that provider package into an arbitrary directory elsewhere in the filesystem if the OpenTofu process has sufficient permission to write there.

Details

OpenTofu permits provider cache entries to be symlinks to other locations because that is how the local cache in a specific working directory refers to matching entries in a global cache directory configured in the CLI configuration file.

Unfortunately, OpenTofu's provider installer was missing a rule to remove an existing symlink during installation if it refers to a directory that doesn't already match the expected provider package content. Instead, it would attempt to update the content of the target directory to match the content of the provider package.

If developers use OpenTofu with the TF_DATA_DIR environment variable set, note that the directory they specify in that environment variable is treated as a replacement location for the content that would normally be in the .terraform directory, and so it is that location which is sensitive to pre-existing symlinks.

In the newly-issued versions of OpenTofu, it is now considered an error if any existing directory entry is present in the cache whose content does not already match the expected package content. As before, if an existing entry is present and its content already matches the expected package content then OpenTofu makes no changes to the target directory and just uses it as-is.

Workaround

If developers cannot upgrade to a fixed version immediately, OpenTofu recommends that they ensure that there is no .terraform directory already present when running tofu init for the first time in a new working directory. The absence of that directory guarantees that there cannot be a conflicting symlink.

For an extra line of defense, verify before running tofu init that there are no symlinks anywhere under the current working directory that refer to any path above the current working directory. This limits the scope of attack only to other files in the same working directory, which the attacker already controls in this scenario.

Notes and Resources

  • OpenTofu thanks Francesco Sabiu (@fsabiu) for finding and responsibly disclosing this vulnerability.
  • Generally-speaking, the OpenTofu project expects that operators will run tofu init only in directories containing content they trust.

OpenTofu prioritized addressing this specific concern because a successful attack can write arbitrary files into an arbitrary directory and therefore the potential impact is relatively high and the solution to the problem is low-risk, but this is a pragmatic exception to the usual threat model and there aren't any plans for broader hardening of OpenTofu against attacks of this type. OpenTofu recommends that developers ensure that their working directory contents are as they expect before running tofu init.

In particular: it remains possible for an attacker to place a symlink at some higher point in the directory structure of the provider cache, into which OpenTofu will construct subdirectories needed to create the remaining provider cache directory structure. OpenTofu evaluated that as a less severe concern because it does not give the attacker full control over what is written into the target directory, but note that this does still allow an attacker to write arbitrary content into a directory two levels beneath the target when placing the symlink at the hostname level of the cache directory structure.
  • The original fix for this issue is in https://github.com/opentofu/opentofu/pull/4082. It was backported as follows:
Severity
6.1 (Medium)
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
Show details on source website
To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/opentofu/opentofu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.11.0"
            },
            {
              "fixed": "1.11.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/opentofu/opentofu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.10.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-61"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-23T22:23:01Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "## Summary\n\nIf a symlink already exists under the `.terraform/providers` directory where a provider package needs to be installed, `tofu init` would follow that symlink and install the new package content into it.\n\nIf an attacker can coerce an operator into running `tofu init` in a directory whose contents are attacker-controlled, they can include such a symlink along with instruction to install an attacker-controlled provider package at the path of that symlink, which would then cause OpenTofu to write the contents of that provider package into an arbitrary directory elsewhere in the filesystem if the OpenTofu process has sufficient permission to write there.\n\n## Details\n\nOpenTofu permits provider cache entries to be symlinks to other locations because that is how the local cache in a specific working directory refers to matching entries in a global cache directory configured in the CLI configuration file.\n\nUnfortunately, OpenTofu\u0027s provider installer was missing a rule to remove an existing symlink during installation if it refers to a directory that doesn\u0027t already match the expected provider package content. Instead, it would attempt to update the content of the target directory to match the content of the provider package.\n\nIf developers use OpenTofu with the `TF_DATA_DIR` environment variable set, note that the directory they specify in that environment variable is treated as a replacement location for the content that would normally be in the `.terraform` directory, and so it is _that_ location which is sensitive to pre-existing symlinks.\n\nIn the newly-issued versions of OpenTofu, it is now considered an error if any existing directory entry is present in the cache whose content does not already match the expected package content. As before, if an existing entry is present and its content already matches the expected package content then OpenTofu makes no changes to the target directory and just uses it as-is.\n\n## Workaround\n\nIf developers cannot upgrade to a fixed version immediately, OpenTofu recommends that they ensure that there is no `.terraform` directory already present when running `tofu init` for the first time in a new working directory. The absence of that directory guarantees that there cannot be a conflicting symlink.\n\nFor an extra line of defense, verify before running `tofu init` that there are no symlinks anywhere under the current working directory that refer to any path above the current working directory. This limits the scope of attack only to other files in the same working directory, which the attacker already controls in this scenario.\n\n## Notes and Resources\n\n- OpenTofu thanks Francesco Sabiu (@fsabiu) for finding and responsibly disclosing this vulnerability.\n- Generally-speaking, the OpenTofu project expects that operators will run `tofu init` only in directories containing content they trust.\n\n  OpenTofu prioritized addressing this _specific_ concern because a successful attack can write arbitrary files into an arbitrary directory and therefore the potential impact is relatively high and the solution to the problem is low-risk, but this is a pragmatic exception to the usual threat model and there aren\u0027t any plans for broader hardening of OpenTofu against attacks of this type. OpenTofu recommends that developers ensure that their working directory contents are as they expect before running `tofu init`.\n\n    In particular: it remains possible for an attacker to place a symlink at some higher point in the directory structure of the provider cache, into which OpenTofu will construct subdirectories needed to create the remaining provider cache directory structure. OpenTofu evaluated that as a less severe concern because it does not give the attacker full control over what is written into the target directory, but note that this does still allow an attacker to write arbitrary content into a directory two levels beneath the target when placing the symlink at the hostname level of the cache directory structure.\n- The original fix for this issue is in https://github.com/opentofu/opentofu/pull/4082. It was backported as follows:\n    - [v1.12 branch](https://github.com/opentofu/opentofu/pull/4087) for v1.12.0\n    - [v1.11 branch](https://github.com/opentofu/opentofu/pull/4088) for v1.11.7\n    - [v1.10 branch](https://github.com/opentofu/opentofu/pull/4089) for v1.10.10",
  "id": "GHSA-wcmj-x466-56mm",
  "modified": "2026-06-23T22:23:01Z",
  "published": "2026-06-23T22:23:01Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/opentofu/opentofu/security/advisories/GHSA-wcmj-x466-56mm"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/opentofu/opentofu"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "OpenTofu: Provider cache installation follows root-module-controlled package directory symlink and writes outside the working tree"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.