Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-27098

In SPIRE 0.8.1 through 0.8.4 and before versions 0.9.4, 0.10.2, 0.11.3 and 0.12.1, specially crafted requests to the FetchX509SVID RPC of SPIRE Server’s Legacy Node API can result in the possible issuance of an X.509 certificate with a URI SAN for a SPIFFE ID that the agent is not authorized to distribute. Proper controls are in place to require that the caller presents a valid agent certificate that is already authorized to issue at least one SPIFFE ID, and the requested SPIFFE ID belongs to the same trust domain, prior to being able to trigger this vulnerability. This issue has been fixed in SPIRE versions 0.8.5, 0.9.4, 0.10.2, 0.11.3 and 0.12.1.

Published

2021-03-05T17:15:14.920

Last Modified

2024-11-21T05:57:20.830

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.1 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:P/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

8.0

Impact Score

4.9

Weaknesses

Type: Primary
CWE-295

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	cncf	spire	≤ 0.8.4	Yes
Application	cncf	spire	< 0.9.4	Yes
Application	cncf	spire	< 0.10.2	Yes
Application	cncf	spire	< 0.11.3	Yes
Application	cncf	spire	< 0.12.1	Yes

References

https://github.com/spiffe/spire/security/advisories/GHSA-h746-rm5q-8mgq Third Party Advisory ([email protected])
https://github.com/spiffe/spire/security/advisories/GHSA-h746-rm5q-8mgq Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)