11 matches found
GO-2026-4428 EVE's Debug Functions Unlockable Without Triggering Measured Boot in github.com/lf-edge/eve
EVE's Debug Functions Unlockable Without Triggering Measured Boot in github.com/lf-edge/eve...
EVE's Debug Functions Unlockable Without Triggering Measured Boot
Impact On boot, Pillar checks for /config/GlobalConfig/global.json and overrides system configuration if present. This allows enabling debug functions like SSH debug.enable.ssh, USB keyboard debug.enable.usb, and VNC access app.allow.vnc without triggering the measured boot. Thus, a user with...
Insecure Storage of Sensitive Information
Overview Affected versions of this package are vulnerable to Insecure Storage of Sensitive Information due to the /config partition not being protected by measured boot, mutable, and unencrypted. An attacker can gain unauthorized root access by physically removing the disk, modifying the /config...
GHSA-3MQ9-XHGQ-R7GJ EVE: SSH as Root Unlockable Without Triggering Measured Boot
Impact On boot, the Pillar container checks for /config/authorizedkeys. If present with a valid public key, it enables SSH on port 22 with root login. The /config partition is not protected by measured boot, is mutable and unencrypted. This enables an attacker with physical access to the device t...
PT-2026-6354
Impact On boot, the Pillar container checks for /config/authorized keys. If present with a valid public key, it enables SSH on port 22 with root login. The /config partition is not protected by measured boot, is mutable and unencrypted. This enables an attacker with physical access to the device ...
CVE-2023-43633
On boot, the Pillar eve container checks for the existence and content of “/config/GlobalConfig/global.json”. If the file exists, it overrides the existing configuration on the device on boot. This allows an attacker to change the system’s configuration, which also includes some debug functions...
GHSA-6958-8CPR-XGRQ Duplicate Advisory: EVE's Debug Functions Unlockable Without Triggering Measured Boot
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4c4v-42hc-72p6. This link is maintained to preserve external references. Original Description On boot, the Pillar eve container checks for the existence and content of “/config/GlobalConfig/global.json”. If the...
GHSA-F6WP-8J9R-FRRG Duplicate Advisory: EVE: SSH as Root Unlockable Without Triggering Measured Boot
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-phcg-h58r-gmcq. This link is maintained to preserve external references. Original Description On boot, the Pillar eve container checks for the existence and content of “/config/authorizedkeys”. If the file is...
CVE-2023-43631 SSH as Root Unlockable Without Triggering Measured Boot
On boot, the Pillar eve container checks for the existence and content of “/config/authorizedkeys”. If the file is present, and contains a supported public key, the container will go on to open port 22 and enable sshd with the given keys as the authorized keys for root login. An attacker could...
PT-2023-28887
Name of the Vulnerable Software and Affected Versions Pillar eve container versions 9.0.0 and earlier Description The Pillar eve container checks for the existence and content of /config/authorized keys on boot. If the file is present and contains a supported public key, the container opens port ...
EVE OS Security Vulnerability
EVE OS is a general-purpose, open Linux-based operating system for distributed edge computing open-sourced by IF Edge. EVE OS suffers from a security vulnerability that stems from PCR14 not properly measuring the configuration partition. An attacker could use the vulnerability to modify the...