Vulnerability DatabaseWS-2023-0044
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
WS-2023-0044
November 03, 2024
User data in TPM attestation vulnerable to MITM. Attestation user data (such as the digest of the public key in an aTLS connection) was bound to the issuer's TPM, but not to its PCR state. An attacker could intercept a node initialization, initialize the node themselves, and then impersonate an uninitialized node to the validator. In practice, this meant that a CSP insider with sufficient privileges would have been able to join a node under their control to a Constellation cluster.
Related Resources (4)
https://github.com/edgelesssys/constellation
https://github.com/edgelesssys/constellation/commit/dfae30c9fa2ab848074c96278ffcd8d63671efa2
https://github.com/edgelesssys/constellation/security/advisories/GHSA-r2h5-3hgw-8j34
https://github.com/edgelesssys/constellation/releases/tag/v2.5.2
Do you need more information?
Contact Us
CVSS v4
Base Score:
9.2
Attack Vector
NETWORK
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
8.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Weakness Type (CWE)
Exposure of Sensitive Information to an Unauthorized Actor
CWE-200