GHSA-6C87-G9PW-78FX
Vulnerability from github – Published: 2026-07-01 18:43 – Updated: 2026-07-01 18:43Summary
Config.registryFor selected a per-registry credential / CA / mirror block by checking strings.HasSuffix(name, fqdn) after stripping a single trailing dot.
The match has no boundary between the configured FQDN and any preceding characters in the request hostname.
A registry configured as [registries."ghcr.io."] is therefore also applied to any image pulled from a host whose name happens to end in the literal byte sequence ghcr.io,
including attacker-registered domains such as evilghcr.io.
The imagepuller would then send the configured Authorization header (basic auth, registry token, or identity token), trust the configured custom CA bundle,
follow the configured mirror, or honour insecure-skip-verify, on requests to that hostname.
Prerequisites
For this to be applicable, an image or layer must be pulled from a "sibling" domain ending in one of the FQDNs configured in the imagepuller config. This may occur due to malicious intent or coincidentally.
Impact
- Authentication header leaks to the sibling registry.
- If
insecure-skip-verifyis set on an FQDN, TLS will also not be verified for the sibling registry. - Mirrors configured for an FQDN will also be used with the sibling registry.
Not impacted
Image integrity is not impacted. Image bytes remain pinned by digest in the policy and are validated after the pull. This advisory does not allow code substitution.
Workaround
- If possible, configure explicit subdomains in the imagepuller config. A configuration for
[registries.".example.registry"]is unaffected, only[registries."example.registry"]is potentially affected. - Audit images and layers configured in the deployment for the existence of sibling domains.
Patches
After this patch, registry matches are determined by exact label equality instead of suffix matching.
Each .-separated part of the FQDN must be an exact match with the corresponding label in the image reference.
Severity
AV:Nbecause the leak is over the network to a registry under the attacker's control.AC:Hbecause exploitation requires the operator to have configured a registry FQDN without a leading.AND the attacker to control a sibling-suffix domain that the deployment will pull from.PR:Nfor the eventual recipient.S:Ubecause impact stays in the imagepuller.C:Lfor credential leak (no integrity / availability impact).
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.20.0"
},
"package": {
"ecosystem": "Go",
"name": "github.com/edgelesssys/contrast"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.21.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-1289"
],
"github_reviewed": true,
"github_reviewed_at": "2026-07-01T18:43:55Z",
"nvd_published_at": null,
"severity": "LOW"
},
"details": "# Summary\n\n`Config.registryFor` selected a per-registry credential / CA / mirror block by checking `strings.HasSuffix(name, fqdn)` after stripping a single trailing dot.\u00a0\nThe match has no boundary between the configured FQDN and any preceding characters in the request hostname.\nA registry configured as `[registries.\"ghcr.io.\"]` is therefore also applied to any image pulled from a host whose name happens to end in the literal byte sequence `ghcr.io`,\u00a0\nincluding attacker-registered domains such as `evilghcr.io.`\u00a0\nThe imagepuller would then send the configured `Authorization` header (basic auth, registry token, or identity token), trust the configured custom CA bundle,\nfollow the configured mirror, or honour `insecure-skip-verify`, on requests to that hostname.\n\n# Prerequisites\n\nFor this to be applicable, an image or layer must be pulled from a \"sibling\" domain ending in one of the FQDNs configured in the imagepuller config.\nThis may occur due to malicious intent or coincidentally.\n\n# Impact\n\n- Authentication header leaks to the sibling registry.\n- If `insecure-skip-verify` is set on an FQDN, TLS will also not be verified for the sibling registry.\n- Mirrors configured for an FQDN will also be used with the sibling registry.\n\n## Not impacted\n\nImage integrity is **not** impacted. Image bytes remain pinned by digest in the policy and are validated after the pull.\nThis advisory does not allow code substitution.\n\n# Workaround\n\n- If possible, configure explicit subdomains in the imagepuller config. A configuration for `[registries.\".example.registry\"]` is unaffected, only `[registries.\"example.registry\"]` is potentially affected.\n- Audit images and layers configured in the deployment for the existence of sibling domains.\n\n# Patches\n\nAfter this patch, registry matches are determined by exact label equality instead of suffix matching.\nEach `.`-separated part of the FQDN must be an exact match with the corresponding label in the image reference.\n\n# Severity\n\n- `AV:N` because the leak is over the network to a registry under the attacker\u0027s control.\u00a0\n- `AC:H` because exploitation requires the operator to have configured a registry FQDN without a leading `.` AND the attacker to control a sibling-suffix domain that the deployment will pull from.\n- `PR:N` for the eventual recipient.\u00a0\n- `S:U` because impact stays in the imagepuller.\u00a0\n- `C:L` for credential leak (no integrity / availability impact).",
"id": "GHSA-6c87-g9pw-78fx",
"modified": "2026-07-01T18:43:56Z",
"published": "2026-07-01T18:43:55Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/edgelesssys/contrast/security/advisories/GHSA-6c87-g9pw-78fx"
},
{
"type": "WEB",
"url": "https://github.com/edgelesssys/contrast/commit/10826b1d82613025767fb094e8aa51a7dcfbd2a1"
},
{
"type": "PACKAGE",
"url": "https://github.com/edgelesssys/contrast"
},
{
"type": "WEB",
"url": "https://github.com/edgelesssys/contrast/releases/tag/v1.21.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Contrast\u0027s Imagepuller registryFor uses unanchored suffix matching, leaking auth credentials and trusted CA configuration to sibling-domain registries"
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.