Vulnerability Information
Vulnerability Title
Trustee's attestation-policy endpoint is not protected by admin authentication
Vulnerability Description
Confidential Containers' Trustee project contains tools and components for attesting confidential guests and providing secrets to them. In versions prior to 0.15.0, the attestation-policy endpoint did not check whether the kbs-client submitting the request was actually authenticated (had the right key). This allowed any kbs-client to change the attestation policy. Version 0.15.0 fixes the issue.
CVSS Information
N/A
Vulnerability Type
Authorization Bypass Through User-Controlled Key
Vulnerability Title
trustee security vulnerability
Vulnerability Description
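trustee is an open-source component from Confidential Containers. Versions of trustee prior to 0.15.0 contain a security vulnerability that stems from the attestation-policy endpoint not verifying the identity of the kbs-client, which may allow any kbs-client to modify the attestation policy.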
CVSS Information
N/A
Vulnerability Type
N/A