PT-2025-41491 · Unknown · Confidential Containers Trustee
Esposem
Published: 2025-10-09 · Updated: 2025-10-09
CVE-2025-61779
CVSS v4.0
8.7
High
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Confidential Containers Trustee versions prior to 0.15.0
Description
The Confidential Containers Trustee project, which includes tools for attesting confidential guests and providing secrets, had a flaw in the attestation-policy endpoint. Before version 0.15.0, the endpoint did not verify the authentication of the kbs-client making the request, allowing any client to modify the attestation policy. The kbs-client could submit requests to the /attestation-policy API endpoint without proper authentication.
Recommendations
Update to version 0.15.0 or later.
Exploit
Fix
IDOR
Weakness Enumeration
Related identifiers
Affected products
Confidential Containers Trustee