PT-2024-26401 · Minder · Minder

Author: Adamkorcz · Published 2024-05-27 · Updated 2024-06-05

CVE-2024-35238

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Minder versions prior to 0.0.51

Description: Minder is vulnerable to a denial-of-service (DoS) attack which could allow an attacker to crash the Minder server and deny other users access to it. The root cause of the vulnerability is that Minder's sigstore verifier reads an untrusted response entirely into memory without enforcing a limit on the response body. An attacker can exploit this by making Minder issue a request to an attacker-controlled endpoint that returns a response with a large body, which crashes the Minder server. Specifically, the point of failure is where Minder parses the response from the GitHub attestations endpoint in getAttestationReply. Here, Minder makes a request to the "orgs/$owner/attestations/$checksumref" GitHub endpoint and then parses the response into the AttestationReply. The way Minder parses the response makes it prone to DoS if the response is large enough; in practice the response has to be larger than the memory available on the machine.

The content hosted at the "orgs/$owner/attestations/$checksumref" GitHub attestation endpoint is user-controlled, including by users who are unauthenticated from the perspective of Minder's threat model. However, a user would need to configure their own Minder settings to cause Minder to make a request to fetch the attestations. The user would need to know of a package whose attestations were configured in such a way that they would return a large response when fetched. The steps needed to carry out this attack would involve the attacker adding a package to ghcr.io with attestations that can be fetched via the "orgs/$owner/attestations/$checksumref" GitHub endpoint, registering on Minder, and making Minder fetch the attestations, which would then crash the server.

Recommendations: For versions prior to 0.0.51, update to version 0.0.51 or later to resolve the issue. As a temporary workaround, consider restricting access to the getAttestationReply function or limiting the size of responses from the GitHub attestations endpoint to prevent large responses from crashing the Minder server.
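The following Go program is an added illustration of the pattern the advisory describes and of the size-limiting mitigation it recommends; it is not Minder's code. The type name attestationReply, the 1 MiB cap and the JSON field names are assumptions made for this example, and the server started in main is a constructed stand-in for a hostile attestations endpoint. parseUnbounded buffers the whole body with io.ReadAll, so the remote side decides how much memory the client allocates; parseBounded wraps the body in io.LimitReader with one byte of headroom, so a body that exceeds the cap is detected and rejected before it is parsed.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

// maxAttestationBody caps how many bytes the client will read from the
// attestations endpoint. The value is an assumption for this example.
const maxAttestationBody = 1 << 20 // 1 MiB

// attestationReply is a loose stand-in for the response shape; the field
// names are assumptions, not Minder's real type.
type attestationReply struct {
	Attestations []struct {
		Bundle json.RawMessage `json:"bundle"`
	} `json:"attestations"`
}

var errBodyTooLarge = errors.New("attestation response exceeds size limit")

// parseUnbounded reproduces the vulnerable pattern: io.ReadAll keeps
// growing a buffer until the remote side stops sending, so memory use is
// controlled by whoever operates the endpoint.
func parseUnbounded(body io.Reader) (*attestationReply, error) {
	raw, err := io.ReadAll(body)
	if err != nil {
		return nil, err
	}
	var reply attestationReply
	if err := json.Unmarshal(raw, &reply); err != nil {
		return nil, err
	}
	return &reply, nil
}

// parseBounded reads at most maxAttestationBody+1 bytes. If that extra byte
// arrives, the body is over the limit and is rejected without buffering the
// rest of it, which bounds allocation regardless of what the server sends.
func parseBounded(body io.Reader) (*attestationReply, error) {
	raw, err := io.ReadAll(io.LimitReader(body, maxAttestationBody+1))
	if err != nil {
		return nil, err
	}
	if len(raw) > maxAttestationBody {
		return nil, errBodyTooLarge
	}
	var reply attestationReply
	if err := json.Unmarshal(raw, &reply); err != nil {
		return nil, err
	}
	return &reply, nil
}

func main() {
	// Constructed hostile endpoint: streams 8 MiB in 64 KiB chunks, never
	// holding the full body itself, so the cost lands entirely on the client.
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		chunk := []byte(strings.Repeat("A", 64*1024))
		for sent := 0; sent < 8*maxAttestationBody; sent += len(chunk) {
			if _, err := w.Write(chunk); err != nil {
				return // client stopped reading; bounded parser hung up early
			}
		}
	}))
	defer srv.Close()

	// Placeholder path mirroring the endpoint shape named in the advisory.
	resp, err := http.Get(srv.URL + "/orgs/example-owner/attestations/sha256:PLACEHOLDER")
	if err != nil {
		fmt.Println("request failed:", err)
		return
	}
	defer resp.Body.Close()

	_, err = parseBounded(resp.Body)
	fmt.Println("bounded parser:", err) // size-limit error instead of unbounded growth
}
```

The one-byte headroom is what turns "read up to N bytes" into "detect bodies larger than N": without it a truncated body would be silently handed to the JSON decoder and fail with a confusing parse error rather than a clear size violation.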

Weakness Enumeration

Allocation of Resources Without Limits


Related Identifiers

CVE-2024-35238
GHSA-8FMJ-33GW-G7PW
GO-2024-2885

Affected Products

Minder