Search criteria
2 vulnerabilities by confidential-containers
CVE-2025-61779 (GCVE-0-2025-61779)
Vulnerability from cvelistv5 – Published: 2025-10-09 20:53 – Updated: 2025-10-10 14:32
VLAI?
Title
Trustee's attestation-policy endpoint is not protected by admin autentication
Summary
Confidential Containers's Trustee project contains tools and components for attesting confidential guests and providing secrets to them. In versions prior to 0.15.0, the attestation-policy endpoint didn't check if the kbs-client submitting the request was actually authenticated (had the right key). This allowed any kbs-client to actually change the attestation policy. Version 0.15.0 fixes the issue.
Severity ?
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| confidential-containers | trustee |
Affected:
< 0.15.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-61779",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-10T14:32:46.403550Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-10T14:32:49.097Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/confidential-containers/trustee/security/advisories/GHSA-49mc-2q77-m99x"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "trustee",
"vendor": "confidential-containers",
"versions": [
{
"status": "affected",
"version": "\u003c 0.15.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Confidential Containers\u0027s Trustee project contains tools and components for attesting confidential guests and providing secrets to them. In versions prior to 0.15.0, the attestation-policy endpoint didn\u0027t check if the kbs-client submitting the request was actually authenticated (had the right key). This allowed any kbs-client to actually change the attestation policy. Version 0.15.0 fixes the issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-09T20:53:33.855Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/confidential-containers/trustee/security/advisories/GHSA-49mc-2q77-m99x",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/confidential-containers/trustee/security/advisories/GHSA-49mc-2q77-m99x"
},
{
"name": "https://github.com/confidential-containers/trustee/pull/957",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/confidential-containers/trustee/pull/957"
},
{
"name": "https://github.com/confidential-containers/trustee/commit/3a7d04a70918fa503a00974dcae653cf9f0640e0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/confidential-containers/trustee/commit/3a7d04a70918fa503a00974dcae653cf9f0640e0"
}
],
"source": {
"advisory": "GHSA-49mc-2q77-m99x",
"discovery": "UNKNOWN"
},
"title": "Trustee\u0027s attestation-policy endpoint is not protected by admin autentication"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-61779",
"datePublished": "2025-10-09T20:53:33.855Z",
"dateReserved": "2025-09-30T19:43:49.901Z",
"dateUpdated": "2025-10-10T14:32:49.097Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-51997 (GCVE-0-2024-51997)
Vulnerability from cvelistv5 – Published: 2024-11-08 18:40 – Updated: 2024-11-12 17:17
VLAI?
Title
The Attestation Results Token can be arbitrarily modified without being detected in Trustee
Summary
Trustee is a set of tools and components for attesting confidential guests and providing secrets to them. The ART (**Attestation Results Token**) token, generated by AS, could be manipulated by MITM attacker, but the verifier (CoCo Verification Demander like KBS) could still verify it successfully. In the payload of ART token, the ‘jwk’ could be replaced by attacker with his own pub key. Then attacker can use his own corresponding private key to sign the crafted ART token. Based on current code implementation (v0.8.0), such replacement and modification can not be detected. This issue has been addressed in version 0.8.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity ?
8.1 (High)
CWE
- CWE-287 - Improper Authentication
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| confidential-containers | trustee |
Affected:
< 0.8.2
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:confidential-containers:trustee:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "trustee",
"vendor": "confidential-containers",
"versions": [
{
"lessThan": "0.8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-51997",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-08T20:00:53.215840Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T17:17:50.487Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "trustee",
"vendor": "confidential-containers",
"versions": [
{
"status": "affected",
"version": "\u003c 0.8.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Trustee is a set of tools and components for attesting confidential guests and providing secrets to them. The ART (**Attestation Results Token**) token, generated by AS, could be manipulated by MITM attacker, but the verifier (CoCo Verification Demander like KBS) could still verify it successfully. In the payload of ART token, the \u2018jwk\u2019 could be replaced by attacker with his own pub key. Then attacker can use his own corresponding private key to sign the crafted ART token. Based on current code implementation (v0.8.0), such replacement and modification can not be detected. This issue has been addressed in version 0.8.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T18:40:31.701Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/confidential-containers/trustee/security/advisories/GHSA-7jc6-j236-vvjw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/confidential-containers/trustee/security/advisories/GHSA-7jc6-j236-vvjw"
}
],
"source": {
"advisory": "GHSA-7jc6-j236-vvjw",
"discovery": "UNKNOWN"
},
"title": "The Attestation Results Token can be arbitrarily modified without being detected in Trustee"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-51997",
"datePublished": "2024-11-08T18:40:31.701Z",
"dateReserved": "2024-11-04T17:46:16.777Z",
"dateUpdated": "2024-11-12T17:17:50.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}