GHSA-f5p4-p5q5-jv3h

Source

https://github.com/advisories/GHSA-f5p4-p5q5-jv3h

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/10/GHSA-f5p4-p5q5-jv3h/GHSA-f5p4-p5q5-jv3h.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-f5p4-p5q5-jv3h

Aliases

GO-2025-4078

Published

2025-10-28T17:49:59Z

Modified

2025-11-05T22:11:22Z

Severity

5.7 (Medium) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

Contrast has insecure LUKS2 persistent storage partitions may be opened and used

Details

Summary

A malicious host may provide a crafted LUKS2 volume to a Contrast pod VM that uses the secure persistent volume feature. The guest will open the volume and write secret data using a volume key known to the attacker.

LUKS2 volume metadata is (a) not authenticated and (b) supports null key-encryption algorithms, allowing an attacker to create a volume such that the volume:

Opens (cryptsetup open) without error using any passphrase or token
Records all writes in plaintext (or ciphertext with an attacker-known key)

Details

Contrast uses cryptsetup to setup secure persistent volumes, using the secret seed as key for the cryptsetup encryption. To do so the Contrast Initializer will invoke the cryptsetup CLI. If the device provided by Kubernetes is a identified as cryptsetup device, the Initializer assumes a pod restart happened and the device was previously encrypted with the secret seed. The Initializer will try to open the device, and assume it is protected if the operation succeeds. However, due to the unsafe handling of null keyslot algorithms in the cryptsetup 2.8.1, it is possible that the opened volume is not encrypted at all.

Cryptsetup prior to version 2.8.1 does not report an error when processing LUKS2-formatted disks that use the cipher_null-ecb algorithm in the keyslot encryption field.

Impact

Using a maliciously crafted cryptsetup device, an attacker can read confidential data that was written to the persistent volume that should have been protected by encryption.

Notice that Contrast's persistent volumes weren't integrity protected, so the integrity impact of this attack isn't considered.

Patches

A partial fix landed in cryptsetup version 2.8.1, disabling null ciphers in keyslots when the user passphrase is nonempty. Contrast shipped this cryptsetup version shortly after it has been released upstream, in Contrast version v1.12.1.

However, LUKS header parsing and interpretation remains a large attack surface. Attackers may still be able to modify LUKS headers in other ways, such as triggering automatic reencryption or downgrading to weak ciphers. As a long term hardening solution, LUKS disks is encrypted in detached header mode. The detached header resides in a tmpfs file inside guest RAM, and is checked before it is used to open the device. This has been implemented in #1731 and released as part of Contrast v1.13.0.

In addition, we added integrity protection for secure persistent storage as a new feature in #1734, which was also shipped as part of v1.13.0.

Database specific

{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-347",
        "CWE-552"
    ],
    "github_reviewed_at": "2025-10-28T17:49:59Z",
    "severity": "MODERATE",
    "github_reviewed": true
}

References

Affected packages

Go / github.com/edgelesssys/contrast

Package

Name: github.com/edgelesssys/contrast; View open source insights on deps.dev
Purl: pkg:golang/github.com/edgelesssys/contrast

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.12.1

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/10/GHSA-f5p4-p5q5-jv3h/GHSA-f5p4-p5q5-jv3h.json"

last_known_affected_version_range

"<= 1.12.0"