CVE-2024-51997

Trustee is a set of tools and components for attesting confidential guests and providing secrets to them. The ART (**Attestation Results Token**) token, generated by AS, could be manipulated by MITM attacker, but the verifier (CoCo Verification Demander like KBS) could still verify it successfully. In the payload of ART token, the ‘jwk’ could be replaced by attacker with his own pub key. Then attacker can use his own corresponding private key to sign the crafted ART token. Based on current code implementation (v0.8.0), such replacement and modification can not be detected. This issue has been addressed in version 0.8.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/confidential-containers/trustee/security/advisories/GHSA-7jc6-j236-vvjw

Configurations

No configuration.

History

No history.

Information

Published : 2024-11-08 19:15

Updated : 2024-11-12 13:56

NVD link : CVE-2024-51997

Mitre link : CVE-2024-51997

CVE.ORG link : CVE-2024-51997

JSON object : View

Products Affected

No product.

CWE

CWE-287

Improper Authentication

{"id": "CVE-2024-51997", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2024-11-08T19:15:06.487", "references": [{"url": "https://github.com/confidential-containers/trustee/security/advisories/GHSA-7jc6-j236-vvjw", "source": "security-advisories@github.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "Trustee is a set of tools and components for attesting confidential guests and providing secrets to them. The ART (**Attestation Results Token**) token, generated by AS, could be manipulated by MITM attacker, but the verifier (CoCo Verification Demander like KBS) could still verify it successfully. In the payload of ART token, the \u2018jwk\u2019 could be replaced by attacker with his own pub key. Then attacker can use his own corresponding private key to sign the crafted ART token. Based on current code implementation (v0.8.0), such replacement and modification can not be detected. This issue has been addressed in version 0.8.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability."}, {"lang": "es", "value": "Trustee es un conjunto de herramientas y componentes para certificar a los invitados confidenciales y proporcionarles secretos. El token ART (**Attestation Results Token**), generado por AS, podr\u00eda ser manipulado por un atacante MITM, pero el verificador (CoCo Verification Demander como KBS) a\u00fan podr\u00eda verificarlo con \u00e9xito. En el payload del token ART, el atacante podr\u00eda reemplazar el 'jwk' con su propia clave p\u00fablica. Luego, el atacante puede usar su propia clave privada correspondiente para firmar el token ART creado. Seg\u00fan la implementaci\u00f3n del c\u00f3digo actual (v0.8.0), no se puede detectar dicho reemplazo y modificaci\u00f3n. Este problema se ha solucionado en la versi\u00f3n 0.8.2 y se recomienda a todos los usuarios que actualicen. No existen workarounds para esta vulnerabilidad."}], "lastModified": "2024-11-12T13:56:54.483", "sourceIdentifier": "security-advisories@github.com"}