transport: validate Bearer realm URL to prevent SSRF

[evilgensec]

Summary

fromChallenge() stored the realm value from a WWW-Authenticate: Bearer header verbatim, with no validation of scheme or destination host. When the client subsequently fetched a token, it made an HTTP request to whatever URL the registry supplied — including private/link-local addresses and non-HTTP schemes.

Root cause:

realm, ok := pr.Parameters["realm"]  // from attacker-controlled header
// ... stored directly, no validation
return &bearerTransport{realm: realm, ...}

Attack scenario: An attacker-controlled registry (or MITM on an HTTP registry connection) returns:

WWW-Authenticate: Bearer realm="http://169.254.169.254/latest/meta-data/iam/security-credentials/my-role",service="x"

The client sends a GET to the AWS/GCP instance metadata endpoint, leaking IAM credentials. The basic credentials sent with the token request are also leaked to the attacker-controlled realm.

This affects all tools using go-containerregistry for pulls: crane, ko, Kubernetes admission controllers, and CI/CD pipelines.

Fix

Add validateRealmURL() called from fromChallenge() before storing realm:

• Scheme: only https for secure registries; http additionally allowed for insecure registries
• IP literals: loopback, link-local unicast/multicast, and private-range addresses are rejected (blocks direct SSRF to RFC 1918 and cloud IMDS endpoints)

Related security report: https://issuetracker.google.com/issues/495960898

[Subserial]

The security report URL seems to be incorrect. The referenced issue seems unrelated.

[evilgensec]

Dear @Subserial,

I have updated the report url: https://issuetracker.google.com/issues/495960898

As the security tab of the program instructs to report vulnerabilities through google bug hunter, I have done so. If anything else is needed please let me know.

[evilgensec]

@Subserial Hope you are doing well. Is there any update on the issue?

[codecov-commenter]

Codecov Report

❌ Patch coverage is 33.33333% with 12 lines in your changes missing coverage. Please review.
✅ Project coverage is 52.96%. Comparing base (8b3c303) to head (f014b61).
⚠️ Report is 82 commits behind head on main.

Files with missing lines	Patch %	Lines
pkg/v1/remote/transport/bearer.go	33.33%	8 Missing and 4 partials ⚠️

❗ There is a different number of reports uploaded between BASE (8b3c303) and HEAD (f014b61). Click for more details.

HEAD has 1 upload less than BASE

Flag	BASE (8b3c303)	HEAD (f014b61)
	2	1

Additional details and impacted files

@@             Coverage Diff             @@
##             main    #2243       +/-   ##
===========================================
- Coverage   71.67%   52.96%   -18.72%     
===========================================
  Files         123      165       +42     
  Lines        9935    11215     +1280     
===========================================
- Hits         7121     5940     -1181     
- Misses       2115     4561     +2446     
- Partials      699      714       +15     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.