Vulnerability Database

318,638

Total vulnerabilities in the database

Constellation allows Emergency shell access during initramfs boot phase

Impact

An active attacker could let the boot fail on purpose in the initramfs, dropping the serial console into an emergency shell. This gives attackers with access to the serial console full control over the VM.

Patches

The issue has been patched in v2.6.0.

Workarounds

none

Published: Mar 9, 2023
Updated: Apr 14, 2023
GHSA: GHSA-6w5f-5wgr-qjg5
Severity: High
Exploit:

No technical information available.

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
github.com/edgelesssys/constellation/v2	-	2.6.0

https://github.com/edgelesssys/constellation/releases/tag/v2.6.0
https://github.com/edgelesssys/constellation/security/advisories/GHSA-6w5f-5wgr-qjg5

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo