CVE-2021-27099 Information

Description

In SPIRE before versions 0.8.5, 0.9.4, 0.10.2, 0.11.3 and 0.12.1, the "aws_iid" Node Attestor improperly normalizes the path provided through the agent ID templating feature, which may allow the issuance of an arbitrary SPIFFE ID within the same trust domain if the attacker controls the value of an EC2 tag prior to attestation and the attestor is configured for agent ID templating where the tag value is the last element in the path. This issue has been fixed in SPIRE versions 0.11.3 and 0.12.1.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Reference

https://github.com/spiffe/spire/security/advisories/GHSA-q7gm-mjrg-44h9

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

6.8

Base Severity

MEDIUM
