10 matches found
Improper Certificate Validation
github.com/in-toto/go-witness is vulnerable to Improper Certificate Validation. The vulnerability is due to the AWS attestor accepting EC2 instance identity documents without properly validating signatures and relying on outdated public certificates, which allows an attacker to supply or intercep...
GO-2025-4028 go-witness is Vulnerable to Improper Verification of AWS EC2 Identity Documents in github.com/in-toto/go-witness
go-witness is Vulnerable to Improper Verification of AWS EC2 Identity Documents in github.com/in-toto/go-witness...
CVE-2025-62375
go-witness and witness are Go modules for generating attestations. In go-witness versions 0.8.6 and earlier and witness versions 0.9.2 and earlier the AWS attestor improperly verifies AWS EC2 instance identity documents. Verification can incorrectly succeed when a signature is not present or is...
go-witness is Vulnerable to Improper Verification of AWS EC2 Identity Documents
Impact This vulnerability only affects users of the AWS attestor. Users of the AWS attestor could have unknowingly received a forged identity document. While this may seem unlikely, AWS recently issued a security bulletin about IMDS Instance Metadata Service impersonation.^1 There are multiple...
EUVD-2025-34679
go-witness is Vulnerable to Improper Verification of AWS EC2 Identity Documents...
CVE-2025-62375
go-witness and witness are Go modules for generating attestations. In go-witness versions 0.8.6 and earlier and witness versions 0.9.2 and earlier the AWS attestor improperly verifies AWS EC2 instance identity documents. Verification can incorrectly succeed when a signature is not present or is...
CVE-2025-62375 go-witness Improper Verification of AWS EC2 Identity Documents
go-witness and witness are Go modules for generating attestations. In go-witness versions 0.8.6 and earlier and witness versions 0.9.2 and earlier the AWS attestor improperly verifies AWS EC2 instance identity documents. Verification can incorrectly succeed when a signature is not present or is...
CVE-2025-62375 go-witness Improper Verification of AWS EC2 Identity Documents
go-witness and witness are Go modules for generating attestations. In go-witness versions 0.8.6 and earlier and witness versions 0.9.2 and earlier the AWS attestor improperly verifies AWS EC2 instance identity documents. Verification can incorrectly succeed when a signature is not present or is...
CVE-2025-62375 go-witness Improper Verification of AWS EC2 Identity Documents
go-witness and witness are Go modules for generating attestations. In go-witness versions 0.8.6 and earlier and witness versions 0.9.2 and earlier the AWS attestor improperly verifies AWS EC2 instance identity documents. Verification can incorrectly succeed when a signature is not present or is...
go-witness 信任管理问题漏洞
go-witness is a Golang library open-sourced by in-toto. A trust management issue vulnerability exists in go-witness version 0.8.6 and earlier, which stems from the AWS attestor not properly validating AWS EC2 instance identity documents, which could lead to the acceptance of forged identity...