On boot, Pillar checks for /config/GlobalConfig/global.json and overrides system configuration if present. This allows enabling debug functions like SSH (debug.enable.ssh), USB keyboard (debug.enable.usb), and VNC access (app.allow.vnc) without triggering the measured boot. Thus, a user with physical access can take out the disk and modify the content of this file in the /config partition and then re-insert the disk.
Fixed in 10.1.0 and 9.4.3-lts
None
| Score | Percentile |
|---|---|
| 0.02% | 5.99% |
| Base score | Version | Severity | Vector |
|---|---|---|---|
| 5.9 | 3.1 | — |
|
| Type | Value |
|---|---|
| GHSA | GHSA-4c4v-42hc-72p6 ↗ |
| CVE | CVE-2023-43633 ↗ |
Vulnerable version ranges and first patched releases as published by GitHub.
| Ecosystem | Package | Vulnerable range | First patched | Vulnerable functions |
|---|---|---|---|---|
| go | github.com/lf-edge/eve | < 0.0.0-20220708121648-5fef4d92e758 | 0.0.0-20220708121648-5fef4d92e758 | — |