Attestation user data (such as the digest of the public key in an aTLS connection) was bound to the issuer's TPM, but not to its PCR state. An attacker could intercept a node initialization, initialize the node themselves, and then impersonate an uninitialized node to the validator. In practice, this meant that a CSP insider with sufficient privileges would have been able to join a node under their control to a Constellation cluster.
The issue has been patched in v2.5.2.
none
{ "nvd_published_at": null, "cwe_ids": [ "CWE-200" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2023-02-17T20:51:24Z" }