CNNVD-202510-1224 Information
CNNVD ID
CNNVD-202510-1224
Related CVE
- CNNVD Published: 2025-10-09
Description (Chinese)
trustee是Confidential Containers开源的一个组件。 trustee 0.15.0之前版本存在安全漏洞,该漏洞源于attestation-policy端点未验证kbs-client身份,可能导致任意kbs-client修改认证策略。
Description (English)
Trustee is an open-source component of Confidential Containers. There is a security loophole in the pre-trustee version of 0.15.0, which stems from the failure of the attestation-policy endpoint to verify the kbs-client identity, which may lead to any kbs-client modification of the authentication strategy.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Confidential Containers
Published
2025-10-09
Last Modified
2026-02-24
References
https://github.com/confidential-containers/trustee/commit/3a7d04a70918fa503a00974dcae653cf9f0640e0 https://github.com/confidential-containers/trustee/pull/957 https://github.com/confidential-containers/trustee/security/advisories/GHSA-49mc-2q77-m99x
Patch
https://github.com/confidential-containers/trustee/releases
Share on: