Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In SPIRE before versions 0.8.5, 0.9.4, 0.10.2, 0.11.3 and 0.12.1, the "aws_iid" Node Attestor improperly normalizes the path provided through the agent ID templating feature, which may allow the issuance of an arbitrary SPIFFE ID within the same trust domain, if the attacker controls the value of an EC2 tag prior to attestation, and the attestor is configured for agent ID templating where the tag value is the last element in the path. This issue has been fixed in SPIRE versions 0.11.3 and 0.12.1
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Andrew Harding SPIRE 安全漏洞
Vulnerability Description
Andrew Harding SPIRE是 (Andrew Harding)开源的一个应用软件。提供API的工具链,用于在各种托管平台上的软件系统之间建立信任。 SPIRE before versions 0.8.5, 0.9.4, 0.10.2, 0.11.3 and 0.12 存在安全漏洞,该漏洞源于不适当地规范了通过代理ID模板功能提供的路径。
CVSS Information
N/A
Vulnerability Type
N/A