March 2026 Critical

SSRF to RCE — Container Escape on a CI/CD Platform

How a blind SSRF in a webhook feature escalated to full remote code execution and potential supply chain compromise.

The Target

A widely used CI/CD (Continuous Integration / Continuous Delivery) platform that helps engineering teams automate their build, test, and deployment pipelines. Thousands of companies rely on it to ship code to production.

The Discovery

While testing the platform's webhook notification feature, I noticed the application allowed users to specify a URL where build events would be sent. The server would make an HTTP request to that URL whenever a pipeline event occurred.

I started by pointing the webhook to my own server and confirmed the request was coming from the platform's infrastructure. Then I tried something simple — pointing the URL at the cloud metadata service:

http://169.254.169.254/latest/meta-data/

The response came back with the full metadata directory listing. This confirmed a blind SSRF vulnerability — the server was making requests on my behalf without validating the destination.

The Escalation Chain

1

SSRF — Cloud Metadata Access: By querying the instance metadata service, I retrieved the IAM role credentials attached to the build worker. These temporary AWS credentials had permissions far beyond what a webhook handler should need.

2

Token Theft — Service Credentials: The leaked IAM role had access to internal services, including the ability to pull container images and interact with the orchestration layer. I also found internal API tokens stored as environment variables accessible through the metadata endpoint.

3

RCE — Command Execution: Using the stolen credentials, I was able to interact with the container orchestration API and schedule a new container with a custom entrypoint. This gave me a reverse shell inside the platform's infrastructure.

4

Container Escape: The containers were running with elevated privileges. By exploiting a misconfigured mount and the container runtime, I escaped the container boundary and gained access to the host system.

5

Supply Chain Impact: From the host, I had visibility into other customers' build pipelines — environment variables, source code references, deployment secrets, and signing keys. Modifying a build pipeline at this point would mean injecting malicious code into every deployment for that customer.

Impact

  • Full remote code execution on internal infrastructure
  • Access to cloud credentials (IAM roles, API tokens)
  • Container escape to host-level access
  • Cross-tenant visibility into other customers' pipelines
  • Potential supply chain attack affecting downstream users

Timeline

Reported and triaged within 24 hours. The team deployed a fix restricting internal network access from webhook handlers and hardened the container isolation within the same week.

Takeaway

Never underestimate a "simple" SSRF. In cloud environments, SSRF is often the first domino — it gives you metadata, metadata gives you credentials, and credentials give you the keys to the kingdom. Always test webhook and callback features for internal network access, especially on platforms that run in cloud infrastructure with IAM roles attached to instances.

← Back to Blog