GHSA-m43g-m425-p68x: junit-platform-reporting can leak Git credentials through its OpenTestReportGeneratingListener 

GHSA-hc55-p739-j48w: @modelcontextprotocol/server-filesystem vulnerability allows for path validation bypass via colliding path prefix

GHSA-q66q-fx2p-7w4m: @modelcontextprotocol/server-filesystem allows for path validation bypass via prefix matching and symlink handling

GHSA-h34r-jxqm-qgpr: juju/utils leaks private key in certs

GHSA-xg8h-j46f-w952: Pillow vulnerability can cause write buffer overflow on BCn encoding

### Impact

An active attacker could let the boot fail on purpose in the initramfs, dropping the serial console into an emergency shell. This gives attackers with access to the serial console full control over the VM.

### Patches

The issue has been patched in [v2.6.0](https://github.com/edgelesssys/constellation/releases/tag/v2.6.0).

### Workarounds

none



**Constellation allows Emergency shell access during initramfs boot phase**

High severity GitHub Reviewed Published Mar 9, 2023 in edgelesssys/constellation • Updated Mar 9, 2023

Headline

GHSA-6w5f-5wgr-qjg5: Constellation allows Emergency shell access during initramfs boot phase

Impact

Patches

Workarounds

ghsa: Latest News