ghsa-q4xm-6fjc-5f6w
Vulnerability from github
5.4 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
Summary
sigstore-java has insufficient verification for a situation where a validly-signed but "mismatched" bundle is presented as proof of inclusion into a transparency log
Impact
This bug impacts clients using any variation of KeylessVerifier.verify()
The verifier may accept a bundle with an unrelated log entry, cryptographically verifying everything but fails to ensure the log entry applies to the artifact in question, thereby "verifying" a bundle without any proof the signing event was logged.
This allows the creation of a bundle without fulcio certificate and private key combined with an unrelated but time-correct log entry to fake logging of a signing event. A malicious actor using a compromised identity may want to do this to prevent discovery via rekor's log monitors.
The signer's identity will still be available to the verifier. The signature on the bundle must still be on the correct artifact for the verifier to pass.
sigstore-gradle-plugin and sigstore-maven-plugin are not affected by this as they only provide signing functionality.
Steps To Reproduce
Build the java sigstore-cli at v1.0.0
shell
git clone --branch v1.0.0 git@github.com:sigstore/sigstore-java
cd sigstore-java
./gradlew :sigstore-cli:build
tar -xf sigstore-cli/build/distributions/sigstore-cli-1.0.0-SNAPSHOT.tar --strip-components 1
Create two random blobs
shell
dd bs=1 count=50 </dev/urandom > blob1
dd bs=1 count=50 </dev/urandom > blob2
Sign each blob using the cli
shell
./bin/sigstore-cli sign --bundle=blob1.sigstore.json blob1
./bin/sigstore-cli sign --bundle=blob2.sigstore.json blob2
Create a falsified bundle including the base64Signature and cert fields from blob1's bundle and the rekorBundle from blob2's bundle
shell
jq --slurpfile bundle2 blob2.sigstore.json '.verificationMaterial.tlogEntries = $bundle2[0].verificationMaterial.tlogEntries' blob1.sigstore.json > invalidBundle.sigstore.json
Find the embedded artifact hash in the bundle, and compare to the sha256 sums of blob1 and blob2. See that the bundle tlog entry matches blob2. ```shell cat invalidBundle.sigstore.json | jq -r '.verificationMaterial.tlogEntries[0].canonicalizedBody' | base64 -d | jq -r '.spec.data.hash.value'
sha256sum blob1 blob2 ```
Verify the bundle against blob1 ```shell ./bin/sigstore-cli verify --bundle=invalidBundle.sigstore.json blob1
no errors???!
```
Patches
Patched in v1.1.0 release with https://github.com/sigstore/sigstore-java/pull/856 Added conformance test for all clients in: https://github.com/sigstore/sigstore-conformance/pull/166
Workarounds
- Verifiers can recreate the log entry and compare it to the provided log entry.
var bundle = Bundle.from(bundleFile, StandardCharsets.UTF); var rekorEntry = bundle.getEntries().get(0) var calculatedHashedRekord = Base64.toBase64String( HashedRekordRequest.newHashedRekordRequest( artifactDigest, Certificates.toPemBytes(leafCert), signature) .toJsonPayload() .getBytes(StandardCharsets.UTF_8)); if (!Objects.equals(calculatedHashedRekord, rekorEntry.getBody())) { throw new Exception("Provided verification materials are inconsistent with log entry"); } - Verifiers can contact the log and discover if the artifact signing event has indeed been added to the log
java var bundle = Bundle.from(bundleFile, StandardCharsets.UTF); var artifactDigest = Files.asByteSource(Path.of(artifact).toFile()).hash(Hashing.sha256()).asBytes(); var sigstoreTufClientBuilder = SigstoreTufClient.builder().usePublicGoodInstance(); var trustedRootProvider = TrustedRootProvider.from(sigstoreTufClientBuilder); var entry = RekorEntryFetcher.fromTrustedRoot(trustedRootProvider).getEntryFromRekor(artifactDigest, Certificates.getLeaf(bundle.getCertPath()), bundle.getMessageSignature().get().getSignature()); RekorVerifier.newRekorVerifier(trustedRootProvider.get()).verifyEntry(entry);
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "dev.sigstore:sigstore-java"
},
"ranges": [
{
"events": [
{
"introduced": "1.0.0"
},
{
"fixed": "1.1.0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.0.0"
]
}
],
"aliases": [
"CVE-2024-53267"
],
"database_specific": {
"cwe_ids": [
"CWE-345",
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2024-11-26T16:38:18Z",
"nvd_published_at": "2024-11-26T19:15:30Z",
"severity": "MODERATE"
},
"details": "### Summary\nsigstore-java has insufficient verification for a situation where a validly-signed but \"mismatched\" bundle is presented as proof of inclusion into a transparency log\n\n### Impact\n\nThis bug impacts clients using any variation of KeylessVerifier.verify()\n\nThe verifier may accept a bundle with an unrelated log entry, cryptographically verifying everything but fails to ensure the log entry applies to the artifact in question, thereby \"verifying\" a bundle without any proof the signing event was logged.\n\nThis allows the creation of a bundle without fulcio certificate and private key combined with an unrelated but time-correct log entry to fake logging of a signing event. A malicious actor using a compromised identity may want to do this to prevent discovery via rekor\u0027s log monitors.\n\nThe signer\u0027s identity will still be available to the verifier. The signature on the bundle must still be on the correct artifact for the verifier to pass.\n\nsigstore-gradle-plugin and sigstore-maven-plugin are not affected by this as they only provide signing functionality.\n\n### Steps To Reproduce\n\nBuild the java sigstore-cli at v1.0.0\n```shell\ngit clone --branch v1.0.0 git@github.com:sigstore/sigstore-java\ncd sigstore-java\n./gradlew :sigstore-cli:build\ntar -xf sigstore-cli/build/distributions/sigstore-cli-1.0.0-SNAPSHOT.tar --strip-components 1\n```\n\nCreate two random blobs\n```shell\ndd bs=1 count=50 \u003c/dev/urandom \u003e blob1\ndd bs=1 count=50 \u003c/dev/urandom \u003e blob2\n```\n\nSign each blob using the cli\n```shell\n./bin/sigstore-cli sign --bundle=blob1.sigstore.json blob1\n./bin/sigstore-cli sign --bundle=blob2.sigstore.json blob2\n```\n\nCreate a falsified bundle including the base64Signature and cert fields from blob1\u0027s bundle and the rekorBundle from blob2\u0027s bundle\n```shell\njq --slurpfile bundle2 blob2.sigstore.json \u0027.verificationMaterial.tlogEntries = $bundle2[0].verificationMaterial.tlogEntries\u0027 blob1.sigstore.json \u003e invalidBundle.sigstore.json\n```\n\nFind the embedded artifact hash in the bundle, and compare to the sha256 sums of blob1 and blob2. See that the bundle tlog entry matches blob2.\n```shell\ncat invalidBundle.sigstore.json | jq -r \u0027.verificationMaterial.tlogEntries[0].canonicalizedBody\u0027 | base64 -d | jq -r \u0027.spec.data.hash.value\u0027\n\nsha256sum blob1 blob2\n```\n\nVerify the bundle against blob1\n```shell\n./bin/sigstore-cli verify --bundle=invalidBundle.sigstore.json blob1\n# no errors???!\n```\n\n### Patches\nPatched in v1.1.0 release with https://github.com/sigstore/sigstore-java/pull/856\nAdded conformance test for all clients in: https://github.com/sigstore/sigstore-conformance/pull/166\n\n### Workarounds\n1. Verifiers can recreate the log entry and compare it to the provided log entry.\n```\nvar bundle = Bundle.from(bundleFile, StandardCharsets.UTF);\nvar rekorEntry = bundle.getEntries().get(0)\nvar calculatedHashedRekord =\n Base64.toBase64String(\n HashedRekordRequest.newHashedRekordRequest(\n artifactDigest, Certificates.toPemBytes(leafCert), signature)\n .toJsonPayload()\n .getBytes(StandardCharsets.UTF_8));\nif (!Objects.equals(calculatedHashedRekord, rekorEntry.getBody())) {\n throw new Exception(\"Provided verification materials are inconsistent with log entry\");\n}\n```\n2. Verifiers can contact the log and discover if the artifact signing event has indeed been added to the log\n```java\nvar bundle = Bundle.from(bundleFile, StandardCharsets.UTF);\nvar artifactDigest = Files.asByteSource(Path.of(artifact).toFile()).hash(Hashing.sha256()).asBytes();\nvar sigstoreTufClientBuilder = SigstoreTufClient.builder().usePublicGoodInstance();\nvar trustedRootProvider = TrustedRootProvider.from(sigstoreTufClientBuilder);\nvar entry = RekorEntryFetcher.fromTrustedRoot(trustedRootProvider).getEntryFromRekor(artifactDigest, Certificates.getLeaf(bundle.getCertPath()), bundle.getMessageSignature().get().getSignature());\nRekorVerifier.newRekorVerifier(trustedRootProvider.get()).verifyEntry(entry);\n```\n",
"id": "GHSA-q4xm-6fjc-5f6w",
"modified": "2024-11-26T21:43:36Z",
"published": "2024-11-26T16:38:18Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/sigstore/sigstore-java/security/advisories/GHSA-q4xm-6fjc-5f6w"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53267"
},
{
"type": "WEB",
"url": "https://github.com/sigstore/sigstore-conformance/pull/166"
},
{
"type": "WEB",
"url": "https://github.com/sigstore/sigstore-java/pull/856"
},
{
"type": "PACKAGE",
"url": "https://github.com/sigstore/sigstore-java"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
}
],
"summary": "sigstore-java has vulnerability with bundle verification"
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.