CVE-2024-51997

Name of the Vulnerable Software and Affected Versions Trustee versions 0.8.0 through 0.8.1

Description The issue concerns the Attestation Results Token (ART) token, which can be manipulated by a Man-In-The-Middle (MITM) attacker. The jwk in the ART token payload can be replaced with the attacker's own public key, allowing the attacker to sign the crafted ART token with their corresponding private key. This replacement and modification cannot be detected based on the current code implementation.

Recommendations For Trustee versions 0.8.0 through 0.8.1, upgrade to version 0.8.2 to address the issue. At the moment, there is no information about other workarounds for this issue.