Home > Vulnerability Database > WS-2023-0044

Mend.io Vulnerability Database

WS-2023-0044

Date: August 19, 2025

User data in TPM attestation vulnerable to MITM. Attestation user data (such as the digest of the public key in an aTLS connection) was bound to the issuer's TPM, but not to its PCR state. An attacker could intercept a node initialization, initialize the node themselves, and then impersonate an uninitialized node to the validator. In practice, this meant that a CSP insider with sufficient privileges would have been able to join a node under their control to a Constellation cluster.

Language: Go

Severity Score

7.3

Related Resources (5)

Url: https://github.com/edgelesssys/constellation/commit/dfae30c9fa2ab848074c96278ffcd8d63671efa2

Url: https://github.com/edgelesssys/constellation/security/advisories/GHSA-r2h5-3hgw-8j34

Url: https://github.com/edgelesssys/constellation/releases/tag/v2.5.2

Url: https://github.com/edgelesssys/constellation

Url: https://www.mend.io/vulnerability-database/WS-2023-0044

Severity Score

7.3

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

CVSS v3.1

Base Score:	7.3
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	LOW
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

WS-2023-0044

Date: August 19, 2025

Language: Go

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?