GHSA-8FMJ-33GW-G7PW

Vulnerability from github – Published: 2024-05-28 16:55 – Updated: 2024-05-28 16:55
VLAI?
Summary
Denial of service of Minder Server from maliciously crafted GitHub attestations
Details

Minder is vulnerable to a denial-of-service (DoS) attack which could allow an attacker to crash the Minder server and deny other users access to it.

The root cause of the vulnerability is that Minders sigstore verifier reads an untrusted response entirely into memory without enforcing a limit on the response body. An attacker can exploit this by making Minder make a request to an attacker-controlled endpoint which returns a response with a large body which will crash the Minder server.

Specifically, the point of failure is where Minder parses the response from the GitHub attestations endpoint in getAttestationReply. Here, Minder makes a request to the orgs/$owner/attestations/$checksumref GitHub endpoint (line 285) and then parses the response into the AttestationReply (line 295):

https://github.com/stacklok/minder/blob/daccbc12e364e2d407d56b87a13f7bb24cbdb074/internal/verifier/sigstore/container/container.go#L271-L300

The way Minder parses the response on line 295 makes it prone to DoS if the response is large enough. Essentially, the response needs to be larger than the machine has available memory.

To demonstrate this in an isolated way, consider the following example:

package main

import (
        "encoding/json"
        "fmt"
        "io"
        "strings"
)

type Attestation struct {
        Bundle json.RawMessage `json:"bundle"`
}

type AttestationReply struct {
        Attestations []Attestation `json:"attestations"`
}

func main() {
        m1 := strings.NewReader("{\"attestations\":[")
        maliciousBody := strings.NewReader(strings.Repeat("{\"bundle\":{\"k\": \"v\"{{,", 100000000))
        m2 := strings.NewReader("{\"bundle\":{\"k\": \"v\"}}]}")
        maliciousBodyReader := io.MultiReader(m1, maliciousBody, maliciousBody, maliciousBody, m2)
        fmt.Println("Created malicious body")

        var attestationReply AttestationReply
        _ = json.NewDecoder(maliciousBodyReader).Decode(&attestationReply)
}

This example mimics the behavior of Minders getAttestationReply and how a malicious response body passed to getAttestationReply’s parsing of the response will cause DoS.

When running this script locally on my system, Go incrementally increases memory consumption up to above 90%, freezes the machine and then performs a sigkill.

Attack vector

The content that is hosted at the orgs/$owner/attestations/$checksumref GitHub attestation endpoint is controlled by users including unauthenticated users to Minders threat model. However, a user will need to configure their own Minder settings to cause Minder to make Minder send a request to fetch the attestations. The user would need to know of a package whose attestations were configured in such a way that they would return a large response when fetching them. As such, the steps needed to carry out this attack would look as such:

  1. The attacker adds a package to ghcr.io with attestations that can be fetched via the orgs/$owner/attestations/$checksumref GitHub endpoint.
  2. The attacker registers on Minder and makes Minder fetch the attestations.
  3. Minder fetches attestations and crashes thereby being denied of service.
Severity ?
5.3 (Medium)
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Show details on source website
To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/stacklok/minder"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.0.51"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-35238"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-770"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-28T16:55:02Z",
    "nvd_published_at": "2024-05-27T18:15:09Z",
    "severity": "MODERATE"
  },
  "details": "Minder is vulnerable to a denial-of-service (DoS) attack which could allow an attacker to crash the Minder server and deny other users access to it.\n\nThe root cause of the vulnerability is that Minders sigstore verifier reads an untrusted response entirely into memory without enforcing a limit on the response body. An attacker can exploit this by making Minder make a request to an attacker-controlled endpoint which returns a response with a large body which will crash the Minder server.\n\nSpecifically, the point of failure is where Minder parses the response from the GitHub attestations endpoint in `getAttestationReply`. Here, Minder makes a request to the `orgs/$owner/attestations/$checksumref` GitHub endpoint (line 285) and then parses the response into the `AttestationReply` (line 295):\n\nhttps://github.com/stacklok/minder/blob/daccbc12e364e2d407d56b87a13f7bb24cbdb074/internal/verifier/sigstore/container/container.go#L271-L300\n\nThe way Minder parses the response on line 295 makes it prone to DoS if the response is large enough. Essentially, the response needs to be larger than the machine has available memory.\n\nTo demonstrate this in an isolated way, consider the following example:\n\n```go\npackage main\n\nimport (\n        \"encoding/json\"\n        \"fmt\"\n        \"io\"\n        \"strings\"\n)\n\ntype Attestation struct {\n        Bundle json.RawMessage `json:\"bundle\"`\n}\n\ntype AttestationReply struct {\n        Attestations []Attestation `json:\"attestations\"`\n}\n\nfunc main() {\n        m1 := strings.NewReader(\"{\\\"attestations\\\":[\")\n        maliciousBody := strings.NewReader(strings.Repeat(\"{\\\"bundle\\\":{\\\"k\\\": \\\"v\\\"{{,\", 100000000))\n        m2 := strings.NewReader(\"{\\\"bundle\\\":{\\\"k\\\": \\\"v\\\"}}]}\")\n        maliciousBodyReader := io.MultiReader(m1, maliciousBody, maliciousBody, maliciousBody, m2)\n        fmt.Println(\"Created malicious body\")\n\n        var attestationReply AttestationReply\n        _ = json.NewDecoder(maliciousBodyReader).Decode(\u0026attestationReply)\n}\n\n```\n\nThis example mimics the behavior of Minders `getAttestationReply` and how a malicious response body passed to `getAttestationReply\u2019s` parsing of the response will cause DoS.\n\nWhen running this script locally on my system, Go incrementally increases memory consumption up to above 90%, freezes the machine and then performs a sigkill.\n\n## Attack vector\nThe content that is hosted at the `orgs/$owner/attestations/$checksumref` GitHub attestation endpoint is controlled by users including unauthenticated users to Minders threat model. However, a user will need to configure their own Minder settings to cause Minder to make Minder send a request to fetch the attestations. The user would need to know of a package whose attestations were configured in such a way that they would return a large response when fetching them. As such, the steps needed to carry out this attack would look as such:\n\n1. The attacker adds a package to ghcr.io with attestations that can be fetched via the `orgs/$owner/attestations/$checksumref` GitHub endpoint.\n2. The attacker registers on Minder and makes Minder fetch the attestations.\n3. Minder fetches attestations and crashes thereby being denied of service.\n",
  "id": "GHSA-8fmj-33gw-g7pw",
  "modified": "2024-05-28T16:55:02Z",
  "published": "2024-05-28T16:55:02Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/stacklok/minder/security/advisories/GHSA-8fmj-33gw-g7pw"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35238"
    },
    {
      "type": "WEB",
      "url": "https://github.com/stacklok/minder/commit/fe321d345b4f738de6a06b13207addc72b59f892"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/stacklok/minder"
    },
    {
      "type": "WEB",
      "url": "https://github.com/stacklok/minder/blob/daccbc12e364e2d407d56b87a13f7bb24cbdb074/internal/verifier/sigstore/container/container.go#L271-L300"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Denial of service of Minder Server from maliciously crafted GitHub attestations"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.