Description
Go package github.com/edgelesssys/marblerun CLI commands susceptible to MITM attacks
Impact
Any CLI command issued to a Coordinator after the Manifest has been set is susceptible to being redirected to another MarbleRun Coordinator instance that runs the same binary but potentially a different manifest.
Patches
The issue has been patched in v1.4.0.
Workarounds
Directly using the REST API of the Coordinator and manually verifying and pinning the certificate to a set Manifest avoids the issue.
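A sketch of the pinning half of this workaround, as an added example that is not MarbleRun's own code. It assumes the SHA-256 fingerprint of the Coordinator's TLS certificate was recorded when the Manifest was verified; `Fingerprint`, `CheckPin` and `PinnedClient` are hypothetical names, and the certificate bytes in `main` are constructed stand-ins.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"crypto/tls"
	"encoding/hex"
	"errors"
	"fmt"
	"net/http"
)

// Fingerprint returns the hex SHA-256 of a DER-encoded certificate.
func Fingerprint(der []byte) string {
	sum := sha256.Sum256(der)
	return hex.EncodeToString(sum[:])
}

// CheckPin fails unless the presented leaf certificate matches the pin.
func CheckPin(pinHex string, leafDER []byte) error {
	pin, err := hex.DecodeString(pinHex)
	if err != nil || len(pin) != sha256.Size {
		return errors.New("pin must be a hex SHA-256 fingerprint")
	}
	got := sha256.Sum256(leafDER)
	if subtle.ConstantTimeCompare(got[:], pin) != 1 {
		return fmt.Errorf("certificate %s does not match pin", Fingerprint(leafDER))
	}
	return nil
}

// PinnedClient returns an HTTP client whose TLS handshake succeeds only for the pinned certificate.
func PinnedClient(pinHex string) *http.Client {
	cfg := &tls.Config{
		InsecureSkipVerify: true, // CA chain and hostname checks are replaced by the pin check below
		VerifyConnection: func(cs tls.ConnectionState) error {
			if len(cs.PeerCertificates) == 0 {
				return errors.New("peer sent no certificate")
			}
			return CheckPin(pinHex, cs.PeerCertificates[0].Raw)
		},
	}
	return &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}
}

func main() {
	a, b := []byte("constructed cert A"), []byte("constructed cert B") // stand-ins for DER bytes
	fmt.Println(CheckPin(Fingerprint(a), a), CheckPin(Fingerprint(a), b) != nil)
}
```

A second Coordinator instance running the same binary presents a different certificate, so the handshake fails before any REST request is sent.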
Packages
Name: github.com/edgelesssys/marblerun (go)
Affected versions: < 1.4.0
Fixed version: 1.4.0
Weaknesses
CWE-300