| id: GO-2024-2583 |
| modules: |
| - module: github.com/edgelesssys/marblerun |
| versions: |
| - fixed: 1.4.1 |
| vulnerable_at: 1.4.0 |
| packages: |
| - package: github.com/edgelesssys/marblerun/marble/premain |
| symbols: |
| - GramineActivate |
| - PreMain |
| - PreMainEgo |
| - PreMainMock |
| - PreMainEx |
| - ActivateRPC |
| - package: github.com/edgelesssys/marblerun/coordinator/core |
| symbols: |
| - Core.setTTLSConfig |
| derived_symbols: |
| - Core.Activate |
| summary: Encryption bypass in github.com/edgelesssys/marblerun |
| ghsas: |
| - GHSA-x5r5-2qrx-rqj8 |
| references: |
| - advisory: https://github.com/edgelesssys/marblerun/security/advisories/GHSA-x5r5-2qrx-rqj8 |
| - fix: https://github.com/edgelesssys/marblerun/commit/0330ced092253613a07abe7b330ff6ac6fc6e9c6 |
| - fix: https://github.com/edgelesssys/marblerun/commit/e5bcfe32883d22f3d87ffc9400f9fdb5ecbe3200 |
| - web: https://github.com/edgelesssys/marblerun/releases/tag/v1.4.1 |
| review_status: REVIEWED |