Horizon Alert
Summary of the vulnerability and why it matters
This advisory describes a critical vulnerability in a container launcher used by Google Gemini CLI and a related GitHub Action. The issue, if exploited, could allow an unprivileged attacker to execute code on a host system through a specially crafted file when running on certain automated build platforms. The primary concern is confirming if these specific tools and environments are in use within our organization.
- Allows code execution on host systems.
- Matters if automated build tools are in use.
- Confirm relevance and exposure for automated builds.
Attack Path
How an attacker could exploit the issue
An unprivileged attacker could potentially execute arbitrary code on a host system by tricking the container launcher into processing a specially crafted configuration file. This could occur on headless CI platforms where the CLI tool or GitHub Action is used, allowing the attacker to gain control over the host.
- Requires no prior access.
- Triggered by a crafted configuration file.
- Risk of host-level code execution.
Live Threat
Current exploitation, exposure, and threat context
On headless CI platforms, an unprivileged attacker could execute commands on the host system by using a maliciously crafted `.gemini/.env` file, which is supported by the advisory when using specific versions of the Google Gemini CLI or the run-gemini-cli GitHub Action.
- Pre-sandbox host-level code execution.
- Maliciously crafted .gemini/.env file.
- Compromise of CI/CD pipeline.
Operational Fix
Recommended remediation, mitigation, and detection steps
This vulnerability impacts container launchers for the Gemini CLI and the `run-gemini-cli` GitHub Action, primarily affecting headless CI platforms. Owners of these CI/CD systems and associated platform teams should prioritize identifying where these tools are deployed, assessing their reachability and business criticality. The initial practical move involves confirming existing deployments, identifying accountable owners, and then planning remediation based on the potential risk to host-level execution within the CI environment.
- Platform and CI/CD teams own resolution.
- Verify Gemini CLI and GitHub Action deployments.
- Plan remediation for identified instances.