GHSA-6w5f-5wgr-qjg5

Source
https://github.com/advisories/GHSA-6w5f-5wgr-qjg5
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-6w5f-5wgr-qjg5/GHSA-6w5f-5wgr-qjg5.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-6w5f-5wgr-qjg5
Published
2023-03-09T20:21:36Z
Modified
2024-08-20T20:59:06.727657Z
Summary
Constellation allows Emergency shell access during initramfs boot phase
Details

Impact

An active attacker could deliberately cause the boot to fail during the initramfs phase, which drops the serial console into an emergency shell. An attacker with access to the serial console then has full control over the VM.

Patches

The issue has been patched in v2.6.0.

Workarounds

none

Database specific
{
    "nvd_published_at": null,
    "cwe_ids": [],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2023-03-09T20:21:36Z"
}
Affected packages

Go / github.com/edgelesssys/constellation/v2

Package

Name
github.com/edgelesssys/constellation/v2
Purl
pkg:golang/github.com/edgelesssys/constellation/v2

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.6.0