PT-2023-28887 · Unknown · Pillar Eve Container
Ilay Levi · Published 2023-09-21 · Updated 2026-02-06 · CVE-2023-43631
CVSS v3.1: 8.8 (High)
| Vector | AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Pillar eve container versions 9.0.0 and earlier
Description
On boot, the Pillar eve container checks for the existence and content of /config/authorized_keys. If the file is present and contains a supported public key, the container opens port 22 and enables sshd with the given keys as the authorized keys for root login. An attacker can add their own keys and gain full control over the system without triggering the "measured boot" mechanism or marking the device as "UUD" ("Unknown Update Detected"). This is because the /config partition is not protected by "measured boot", is mutable, and is not encrypted. An attacker can therefore gain full control over the device without changing the PCR values, so the "measured boot" mechanism is not triggered and the attacker has full access to the vault.
Recommendations
For versions 9.0.0 and earlier, consider disabling the /config/authorized_keys file or restricting access to it until a patch is available. As a temporary workaround, restrict access to the /config partition to minimize the risk of exploitation. Note that this issue was partially fixed in certain commits, but the fix is not included in version 9.0.0. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Insufficiently Protected Credentials
Insecure Storage of Sensitive Information
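Because measured boot does not cover /config, a change to the authorized_keys file has to be caught by inspecting the file itself. The following audit sketch is an added example, not code from the EVE project: it assumes the /config partition has been mounted or copied to a directory and that a list of approved key fingerprints is kept out of band; all function names and the sample keys are hypothetical and constructed.

```python
import base64, hashlib, struct, tempfile
from pathlib import Path

def fingerprint(blob):
    """OpenSSH-style SHA256 fingerprint of a raw public key blob."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def parse_keys(text):
    """Yield (key_type, fingerprint, comment) for each well-formed key line."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # Options may precede the key type, so find the base64 blob whose
        # embedded type string matches the field just before it.
        for i in range(len(fields) - 1):
            try:
                blob = base64.b64decode(fields[i + 1], validate=True)
                (n,) = struct.unpack(">I", blob[:4])
            except (ValueError, struct.error):
                continue
            if blob[4:4 + n] == fields[i].encode():
                yield fields[i], fingerprint(blob), " ".join(fields[i + 2:])
                break

def audit_config(config_dir, approved):
    """Return keys in <config_dir>/authorized_keys that are not approved."""
    path = Path(config_dir) / "authorized_keys"
    if not path.is_file():
        return []  # no file present: nothing to report
    keys = parse_keys(path.read_text(errors="replace"))
    return [k for k in keys if k[1] not in approved]

def sample_line(seed, comment):
    """Constructed ed25519-shaped key line (dummy bytes, not a real key)."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes([seed]) * 32
    return blob, f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"

def demo():
    """Audit a constructed /config copy holding one approved, one unknown key."""
    (ok_blob, ok_line), (_, bad_line) = sample_line(1, "ops@example"), sample_line(2, "unknown@example")
    with tempfile.TemporaryDirectory() as d:
        Path(d, "authorized_keys").write_text(f"# constructed sample\n{ok_line}\n{bad_line}\n")
        return audit_config(d, {fingerprint(ok_blob)})

if __name__ == "__main__":
    for key_type, fp, comment in demo():
        print(f"UNAPPROVED {key_type} {fp} {comment}")
```

Any key reported here would be accepted for root login on an affected version, so an unexpected entry should be treated as a sign that /config was modified.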
Related Identifiers
Affected Products
Pillar Eve Container