OFFSITE.DARK
Jun 29, 2026

Sploitus / Exploitarium

  • gitea
  • actions
  • docker
  • ci
  • exploitarium

news

Gitea act_runner container.options Host Namespace Bypass

Workflow `container.options` preserves --pid=host and cap-add=ALL while Privileged=false — nsenter writes host marker from job container.

Summary

A workflow that sets container.options to --pid=host --cap-add=ALL reaches the Docker HostConfig unchanged: act_runner's mergeContainerConfigs forces Privileged=false but leaves the PID namespace and capability settings in place, so a job container can nsenter into the host PID namespace and write a marker file to /tmp on the host. This proof-of-concept is one of 30 folders in the Exploitarium collection. OFFSITE.DARK summarizes the upstream README and PoC design; we did not discover or weaponize this flaw.

Key Findings

Product / target: Gitea act_runner (Docker-backed)
Primitive: mergeContainerConfigs keeps the HostConfig fields set by --pid and --cap-add even though Privileged is forced to false
Impact: an untrusted workflow on a shared runner gains host PID namespace access and runs a root marker command on the host

Attack Chain

Workflow YAML container.options → act_runner passes them into the Docker HostConfig → job container runs nsenter into the host PID namespace → marker file written to /tmp on the host

Mitigation

Sanitize or block the workflow-supplied container.options string before it reaches the Docker HostConfig (at minimum reject --pid=host and --cap-add), and run untrusted workflows on dedicated ephemeral runners per trust zone so that a breakout stays inside that zone.
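One way to implement the sanitizing step, as an added example that is not act_runner's code and not part of the upstream PoC: a small Go policy check that tokenizes a docker-run style options string and rejects any flag that weakens the job container's isolation, independent of whether Privileged is later forced to false. The function names (Tokenize, ValidateContainerOptions), the denied-flag list and the sample option strings are all assumptions made for this example.

```go
package main

import (
	"fmt"
	"strings"
)

// deniedFlags is an assumed policy for this example: each docker-run flag
// here changes namespaces, capabilities, confinement or host mounts, so it is
// rejected regardless of its value. Names are matched without any "=value".
var deniedFlags = map[string]string{
	"--privileged":   "grants all capabilities and device access",
	"--pid":          "joins another PID namespace (--pid=host exposes host processes)",
	"--cap-add":      "adds Linux capabilities beyond the default set",
	"--security-opt": "can disable seccomp/AppArmor confinement",
	"--userns":       "changes the user namespace mapping",
	"--network":      "--network=host shares the host network stack",
	"--ipc":          "--ipc=host shares host IPC",
	"--device":       "exposes host devices",
	"-v":             "bind mounts host paths",
	"--volume":       "bind mounts host paths",
	"--mount":        "bind mounts host paths",
}

// Tokenize splits an option string into arguments, honouring single and
// double quotes so that `--label "a b"` stays one argument. An unterminated
// quote is an error rather than a guess.
func Tokenize(s string) ([]string, error) {
	var args []string
	var cur strings.Builder
	inArg := false
	var quote rune // 0 when not inside quotes
	for _, r := range s {
		switch {
		case quote != 0:
			if r == quote {
				quote = 0
			} else {
				cur.WriteRune(r)
			}
		case r == '\'' || r == '"':
			quote, inArg = r, true
		case r == ' ' || r == '\t' || r == '\n':
			if inArg {
				args = append(args, cur.String())
				cur.Reset()
				inArg = false
			}
		default:
			cur.WriteRune(r)
			inArg = true
		}
	}
	if quote != 0 {
		return nil, fmt.Errorf("unterminated quote in container.options")
	}
	if inArg {
		args = append(args, cur.String())
	}
	return args, nil
}

// flagName returns the option name of a token such as "--pid=host" ("--pid")
// or "-v" ("-v"); tokens that are not flags return "".
func flagName(tok string) string {
	if !strings.HasPrefix(tok, "-") {
		return ""
	}
	if i := strings.IndexByte(tok, '='); i >= 0 {
		tok = tok[:i]
	}
	return strings.ToLower(tok)
}

// ValidateContainerOptions returns one message per denied flag, or an empty
// slice when the string is acceptable. A parse error is reported as a
// violation so malformed input is rejected instead of passed to Docker.
func ValidateContainerOptions(opts string) []string {
	toks, err := Tokenize(opts)
	if err != nil {
		return []string{err.Error()}
	}
	var violations []string
	for _, t := range toks {
		if reason, denied := deniedFlags[flagName(t)]; denied {
			violations = append(violations, fmt.Sprintf("%s rejected: %s", t, reason))
		}
	}
	return violations
}

func main() {
	// Constructed inputs: the first mirrors the flag pair named on this page,
	// the second is a benign resource limit a workflow might legitimately set.
	for _, opts := range []string{
		"--pid=host --cap-add=ALL",
		"--cpus 2 --memory 4g --label \"team=ci platform\"",
	} {
		if v := ValidateContainerOptions(opts); len(v) > 0 {
			fmt.Printf("DENY  %q\n  %s\n", opts, strings.Join(v, "\n  "))
		} else {
			fmt.Printf("ALLOW %q\n", opts)
		}
	}
}
```

The check is a deny-list on flag names rather than on values, because a runner that accepts --pid or --cap-add at all has no safe value to pass through; if a workflow genuinely needs extra capabilities, the runner operator should grant them in runner configuration, not via the untrusted YAML.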
