cbcvebase.
CVE-2021-27098
published 2021-03-05

CVE-2021-27098: In SPIRE 0.8.1 through 0.8.4 and before versions 0.9.4, 0.10.2, 0.11.3 and 0.12.1, specially crafted requests to the FetchX509SVID RPC of SPIRE Server’s Legacy…

PriorityP346high8.1CVSS 3.1
AVNACLPRLUINSUCHIHAN
EPSS
0.56%
42.3th percentile
In SPIRE 0.8.1 through 0.8.4 and before versions 0.9.4, 0.10.2, 0.11.3 and 0.12.1, specially crafted requests to the FetchX509SVID RPC of SPIRE Server’s Legacy Node API can result in the possible issuance of an X.509 certificate with a URI SAN for a SPIFFE ID that the agent is not authorized to distribute. Proper controls are in place to require that the caller presents a valid agent certificate that is already authorized to issue at least one SPIFFE ID, and the requested SPIFFE ID belongs to the same trust domain, prior to being able to trigger this vulnerability. This issue has been fixed in SPIRE versions 0.8.5, 0.9.4, 0.10.2, 0.11.3 and 0.12.1.

Affected

10 ranges
VendorProductVersion rangeFixed in
cncfspire>= 0.10.0 < 0.10.20.10.2
cncfspire>= 0.11.0 < 0.11.30.11.3
cncfspire>= 0.12.0 < 0.12.10.12.1
cncfspire0.8.1 – 0.8.4
cncfspire>= 0.9.0 < 0.9.40.9.4
github.comspiffe_spire>= 0.10.0 < 0.10.20.10.2
github.comspiffe_spire>= 0.11.0 < 0.11.30.11.3
github.comspiffe_spire>= 0.12.0 < 0.12.10.12.1
github.comspiffe_spire>= 0.8.1 < 0.8.50.8.5
github.comspiffe_spire>= 0.9.0 < 0.9.40.9.4

CVSS provenance

nvdv3.18.1HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
nvdv2.05.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:N
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.