Vulnerabilities > CVE-2021-27099 - Incorrect Authorization vulnerability in Cncf Spire

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

network

high complexity

cncf

CWE-863

NVD

Published: 2021-03-05

Updated: 2021-03-16

Summary

In SPIRE before versions 0.8.5, 0.9.4, 0.10.2, 0.11.3 and 0.12.1, the "aws_iid" Node Attestor improperly normalizes the path provided through the agent ID templating feature, which may allow the issuance of an arbitrary SPIFFE ID within the same trust domain, if the attacker controls the value of an EC2 tag prior to attestation, and the attestor is configured for agent ID templating where the tag value is the last element in the path. This issue has been fixed in SPIRE versions 0.11.3 and 0.12.1

Vulnerable Configurations

Part	Description	Count
Application	Cncf Cncf Spire 0.12.0 Cncf Spire 0.11.0 Cncf Spire 0.11.1 Cncf Spire 0.11.2 Cncf Spire 0.10.0 Cncf Spire 0.10.1 Cncf Spire 0.9.0 Cncf Spire 0.9.1 Cncf Spire 0.9.2 Cncf Spire 0.9.3 Cncf Spire - Cncf Spire 0.0.1 Cncf Spire 0.2 Cncf Spire 0.3 Cncf Spire 0.4 Cncf Spire 0.5 Cncf Spire 0.5.1 Cncf Spire 0.6.0 Cncf Spire 0.6.1 Cncf Spire 0.6.2 Cncf Spire 0.7.0 Cncf Spire 0.7.1 Cncf Spire 0.7.2 Cncf Spire 0.7.3 Cncf Spire 0.8.0 Cncf Spire 0.8.1 Cncf Spire 0.8.2 Cncf Spire 0.8.3 Cncf Spire 0.8.4	31

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://github.com/spiffe/spire/security/advisories/GHSA-q7gm-mjrg-44h9