[advisory]
id = "HSEC-2024-0009"
keywords = ["biscuit"]
aliases = ["CVE-2024-41949", "GHSA-rgqv-mwc3-c78m", "GHSA-47cq-pc2v-3rmp"]

[[references]]
type = "ADVISORY"
url = "https://github.com/biscuit-auth/biscuit-haskell/security/advisories/GHSA-47cq-pc2v-3rmp"
[[references]]
type = "FIX"
url = "https://github.com/biscuit-auth/biscuit-haskell/pull/93"

[[affected]]
package = "biscuit-haskell"
cvss = "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:N"

[[affected.versions]]
introduced = "0.3.0.0"
fixed = "0.4.0.0"

Public key confusion in third-party blocks

Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be sent, providing only the necessary info to generate a third-party block and to sign it:

the public key of the previous block (used in the signature);
the public keys part of the token symbol table (for public key interning in datalog expressions).

A third-party block request forged by a malicious user can trick the third-party authority into generating datalog trusting the wrong keypair.

Advisories list

Public key confusion in third-party blocks