A flaw in the Java agent injection path allows a local attacker controlling a Java workload to overwrite arbitrary host files when Java injection is enabled and OBI is running with elevated privileges. The injector trusted TMPDIR from the target process and used unsafe file creation semantics, enabling both filesystem boundary escape and symlink-based file clobbering.
Upgrade to https://github.com/open-telemetry/opentelemetry-ebpf-instrumentation/releases/tag/v0.8.0.
The issue is in the Java agent staging logic in pkg/internal/java/java_inject.go.
The injector reads TMPDIR from the target process environment in findTempDir(...) and validates it with dirOK(...). In the vulnerable implementation, dirOK(...) used filepath.Join(root, dir), where root is /proc/<pid>/root. If dir is an absolute path, filepath.Join discards root, so values such as /etc or /proc/1/root/etc are resolved on the host instead of within the target process root.
That validated value is later reused in copyAgent(...) to build the destination path for the Java agent JAR. As a result, a malicious process can influence the privileged injector to write outside the intended /proc/<pid>/root boundary.
The file creation step further increases impact. The vulnerable code created the destination with os.OpenFile(..., os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0o644). Because this does not use exclusive creation or symlink protections, an attacker can pre-create a symlink at the chosen destination, for example in a writable temp directory, and cause the injector to truncate or overwrite another file writable by the privileged OBI process.
Relevant code paths:
pkg/internal/java/java_inject.go: findTempDir(...)
pkg/internal/java/java_inject.go: dirOK(...)
pkg/internal/java/java_inject.go: copyAgent(...)
In short, the vulnerability is caused by two issues acting together:
TMPDIR from the target...
CVSS 3.1 base score: 8.4 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H)