Security analysts at Tier Zero Security warned this week that the integration between NuGet, Visual Studio, and MSBuild creates a significant attack surface, allowing for code execution before a project is even compiled. The firm’s investigation highlights how the automated nature of CI/CD pipelines can be weaponized to compromise developer environments.
Modern CI/CD pipelines automate mundane tasks like unit testing and deployment by running scripts whenever code is committed. While this improves developer velocity, these pipelines often house sensitive credentials, such as database strings and publishing keys. Tier Zero Security notes that the design of the .NET ecosystem—specifically the way NuGet interacts with MSBuild—permits the inclusion of custom build targets that can trigger command-line executions.
According to the outlet, NuGet packages can contain `.targets` or `.props` files that MSBuild interprets during the project restoration phase. These files can utilize the MSBuild `exec` task, which is designed to run specific programs or commands. Because these operations occur early in the pipeline, malicious code can execute before dependencies are fully validated.
Trust zones and the 'Mark of the Web' gap
The researchers also scrutinized Microsoft’s 'Mark of the Web' (MoTW) security control, which is intended to warn users when they open files downloaded from the internet. While Visual Studio uses 'Trust Zones' to protect developers from malicious macros or executables, Tier Zero Security discovered that these protections are often bypassed when cloning code repositories directly.
When the firm reported this behavior to the Microsoft Security Response Center (MSRC), the company declined to treat it as an immediate vulnerability. Microsoft stated that Visual Studio projects are intentionally designed to support multiple code execution paths, noting that opening or cloning a project is a user-initiated action that may involve evaluating build targets.
This is not the first time this architectural risk has surfaced. Tier Zero Security reported that the issue was raised to the NuGet team as early as 2020. At that time, the team responded: "I believe we will break many packages, tools, etc that heavily rely on this functionality without an alternative."
The firm warns that as supply chain attacks like the recent LiteLLM incident—where publishing credentials were stolen via a compromised upstream scanner—become more frequent, developers must remain vigilant about the hidden code execution paths inherent in their build tools.
