Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In SPIRE 0.8.1 through 0.8.4 and before versions 0.9.4, 0.10.2, 0.11.3 and 0.12.1, specially crafted requests to the FetchX509SVID RPC of SPIRE Server’s Legacy Node API can result in the possible issuance of an X.509 certificate with a URI SAN for a SPIFFE ID that the agent is not authorized to distribute. Proper controls are in place to require that the caller presents a valid agent certificate that is already authorized to issue at least one SPIFFE ID, and the requested SPIFFE ID belongs to the same trust domain, prior to being able to trigger this vulnerability. This issue has been fixed in SPIRE versions 0.8.5, 0.9.4, 0.10.2, 0.11.3 and 0.12.1.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Andrew Harding SPIRE 信任管理问题漏洞
Vulnerability Description
Andrew Harding SPIRE是 (Andrew Harding)开源的一个应用软件。提供API的工具链,用于在各种托管平台上的软件系统之间建立信任。 SPIRE before versions 0.8.5, 0.9.4, 0.10.2, 0.11.3 and 0.12 存在安全漏洞,目前尚无此漏洞的相关信息,请随时关注CNNVD或厂商公告。
CVSS Information
N/A
Vulnerability Type
N/A