{
  "schema_version": "1.4.0",
  "id": "GHSA-6w5f-5wgr-qjg5",
  "modified": "2023-03-09T20:21:36Z",
  "published": "2023-03-09T20:21:36Z",
  "aliases": [],
  "summary": "Constellation allows Emergency shell access during initramfs boot phase",
  "details": "### Impact\n\nAn active attacker could let the boot fail on purpose in the initramfs, dropping the serial console into an emergency shell. This gives attackers with access to the serial console full control over the VM.\n\n### Patches\n\nThe issue has been patched in [v2.6.0](https://github.com/edgelesssys/constellation/releases/tag/v2.6.0).\n\n### Workarounds\n\nnone\n\n",
  "severity": [],
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/edgelesssys/constellation/v2"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.6.0"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/edgelesssys/constellation/security/advisories/GHSA-6w5f-5wgr-qjg5"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/edgelesssys/constellation"
    },
    {
      "type": "WEB",
      "url": "https://github.com/edgelesssys/constellation/releases/tag/v2.6.0"
    }
  ],
  "database_specific": {
    "cwe_ids": [],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2023-03-09T20:21:36Z",
    "nvd_published_at": null
  }
}