Unknown · Confidential Containers Trustee · CVE-2025-61779
**Name of the Vulnerable Software and Affected Versions**
Confidential Containers Trustee versions prior to 0.15.0
**Description**
The Confidential Containers Trustee project, which includes tools for attesting confidential guests and providing secrets, had a flaw in its attestation-policy endpoint. Before version 0.15.0, the endpoint did not verify that the `kbs-client` making a request was authenticated. Any client could therefore submit requests to the `/attestation-policy` API endpoint without proper authentication and modify the attestation policy.
**Recommendations**
Update to version 0.15.0 or later.