Lucene search
K

11 matches found

OSV
OSV
added 2026/02/05 3:20 a.m.9 views

GO-2026-4428 EVE's Debug Functions Unlockable Without Triggering Measured Boot in github.com/lf-edge/eve

EVE's Debug Functions Unlockable Without Triggering Measured Boot in github.com/lf-edge/eve...

8.8CVSS5.3AI score0.00159EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/02/04 9:36 p.m.10 views

EVE's Debug Functions Unlockable Without Triggering Measured Boot

Impact On boot, Pillar checks for /config/GlobalConfig/global.json and overrides system configuration if present. This allows enabling debug functions like SSH debug.enable.ssh, USB keyboard debug.enable.usb, and VNC access app.allow.vnc without triggering the measured boot. Thus, a user with...

8.8CVSS7.8AI score0.00159EPSS
Exploits0References7Affected Software1
Snyk
Snyk
added 2026/02/04 8:46 p.m.4 views

Insecure Storage of Sensitive Information

Overview Affected versions of this package are vulnerable to Insecure Storage of Sensitive Information due to the /config partition not being protected by measured boot, mutable, and unencrypted. An attacker can gain unauthorized root access by physically removing the disk, modifying the /config...

8.8CVSS8AI score0.00159EPSS
Exploits0References3
OSV
OSV
added 2026/02/04 8:46 p.m.30 views

GHSA-3MQ9-XHGQ-R7GJ EVE: SSH as Root Unlockable Without Triggering Measured Boot

Impact On boot, the Pillar container checks for /config/authorizedkeys. If present with a valid public key, it enables SSH on port 22 with root login. The /config partition is not protected by measured boot, is mutable and unencrypted. This enables an attacker with physical access to the device t...

5.9CVSS5.5AI score0.00159EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/02/04 12:0 a.m.17 views

PT-2026-6354

Impact On boot, the Pillar container checks for /config/authorized keys. If present with a valid public key, it enables SSH on port 22 with root login. The /config partition is not protected by measured boot, is mutable and unencrypted. This enables an attacker with physical access to the device ...

8.8CVSS5.5AI score0.00159EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/01/09 9:0 a.m.6 views

CVE-2023-43633

On boot, the Pillar eve container checks for the existence and content of “/config/GlobalConfig/global.json”. If the file exists, it overrides the existing configuration on the device on boot. This allows an attacker to change the system’s configuration, which also includes some debug functions...

8.8CVSS6.8AI score0.00159EPSS
Exploits0References1
OSV
OSV
added 2023/09/21 3:30 p.m.5 views

GHSA-6958-8CPR-XGRQ Duplicate Advisory: EVE's Debug Functions Unlockable Without Triggering Measured Boot

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4c4v-42hc-72p6. This link is maintained to preserve external references. Original Description On boot, the Pillar eve container checks for the existence and content of “/config/GlobalConfig/global.json”. If the...

8.8CVSS5.5AI score0.00159EPSS
Exploits0References3
OSV
OSV
added 2023/09/21 3:30 p.m.5 views

GHSA-F6WP-8J9R-FRRG Duplicate Advisory: EVE: SSH as Root Unlockable Without Triggering Measured Boot

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-phcg-h58r-gmcq. This link is maintained to preserve external references. Original Description On boot, the Pillar eve container checks for the existence and content of “/config/authorizedkeys”. If the file is...

8.8CVSS5.5AI score0.00159EPSS
Exploits0References3
OSV
OSV
added 2023/09/21 1:17 p.m.10 views

CVE-2023-43631 SSH as Root Unlockable Without Triggering Measured Boot

On boot, the Pillar eve container checks for the existence and content of “/config/authorizedkeys”. If the file is present, and contains a supported public key, the container will go on to open port 22 and enable sshd with the given keys as the authorized keys for root login. An attacker could...

8.8CVSS7.2AI score0.00159EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/09/21 12:0 a.m.2 views

PT-2023-28887

Name of the Vulnerable Software and Affected Versions Pillar eve container versions 9.0.0 and earlier Description The Pillar eve container checks for the existence and content of /config/authorized keys on boot. If the file is present and contains a supported public key, the container opens port ...

8.8CVSS7.7AI score0.00159EPSS
Exploits0References17
CNNVD
CNNVD
added 2023/09/20 12:0 a.m.4 views

EVE OS Security Vulnerability

EVE OS is a general-purpose, open Linux-based operating system for distributed edge computing open-sourced by IF Edge. EVE OS suffers from a security vulnerability that stems from PCR14 not properly measuring the configuration partition. An attacker could use the vulnerability to modify the...

8.8CVSS6.9AI score0.00106EPSS
Exploits0References3
Rows per page
Query Builder