PT-2025-5699 · Marblerun · Marblerun
Published: 2025-02-04 · Updated: 2025-02-04
CVSS v3.1: 7.1 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N
Name of the Vulnerable Software and Affected Versions:
MarbleRun versions prior to 1.7.0
Description:
The issue allows an attacker to craft a sealed state using their own recovery keys together with a manifest that does not match the rest of that state. This can lead to impersonation if network traffic is redirected from the legitimate Coordinator to the attacker's Coordinator and the remote party does not compare the Coordinator's root certificate against a trusted reference: the attacker can trick the remote party into trusting the malicious Coordinator by presenting a manifest that does not match the actual state of the deployment. This issue does not affect the secrets and state of legitimate Coordinator instances, the integrity of workloads, or certificates chaining back to the legitimate Coordinator root certificate.
Recommendations:
For versions prior to 1.7.0, update to version 1.7.0 to resolve the issue. As a temporary workaround, consider authenticating connections based on a known Coordinator's root certificate, such as the one retrieved when using the marblerun manifest set CLI command, to minimize the risk of exploitation. Restrict access to untrusted Coordinators to prevent impersonation attacks.
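The workaround above amounts to pinning the known Coordinator root certificate. The Go program below is an added illustration and not MarbleRun's own code: it builds a throwaway legitimate root and a rogue root, configures a TLS client that trusts only the pinned root, and shows that a Coordinator whose certificate chains to the rogue root is rejected no matter what manifest it presents. The helpers makeCert, pinnedTLSConfig and acceptsCoordinator are names assumed for this example.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// makeCert (constructed for this example) issues a cert for cn: a self-signed CA standing
// in for a Coordinator root when parent == nil, otherwise a server leaf signed by parent.
func makeCert(cn string, parent *x509.Certificate, pkey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
	}
	if parent == nil { // self-signed root
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, x509.KeyUsageCertSign
		parent, pkey = tmpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, pkey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}
// pinnedTLSConfig trusts only the known Coordinator root (in practice the one retrieved with
// "marblerun manifest set"), never the system roots and never a manifest the peer presents.
func pinnedTLSConfig(root *x509.Certificate) *tls.Config {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	return &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12}
}
// acceptsCoordinator applies the chain check a client using cfg performs on the presented leaf.
func acceptsCoordinator(cfg *tls.Config, leaf *x509.Certificate) bool {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: cfg.RootCAs})
	return err == nil
}

func main() {
	legitRoot, legitKey := makeCert("legit Coordinator root", nil, nil)
	rogueRoot, rogueKey := makeCert("rogue Coordinator root", nil, nil)
	legitLeaf, _ := makeCert("coordinator", legitRoot, legitKey)
	rogueLeaf, _ := makeCert("coordinator", rogueRoot, rogueKey) // same name, untrusted root
	cfg := pinnedTLSConfig(legitRoot)
	fmt.Println(acceptsCoordinator(cfg, legitLeaf), acceptsCoordinator(cfg, rogueLeaf)) // true false
}
```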
Weakness Enumeration:
Improper Authorization
Affected Products:
Marblerun