biscuit-rust vulnerable to public key confusion in third party block
Description
biscuit-rust is the Rust implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be sent, providing only the necessary info to generate a third-party block and to sign it, which includes the public key of the previous block (used in the signature) and the public keys part of the token symbol table (for public key interning in datalog expressions). A third-part block request forged by a malicious user can trick the third-party authority into generating datalog trusting the wrong keypair.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CVE-2024-41949: A forged ThirdPartyBlock request in biscuit-rust can trick the third-party authority into trusting the wrong public key, bypassing intended authorization checks.
Vulnerability
Overview
Biscuit is an authentication and authorization token for microservices architectures that supports offline delegation and decentralized validation. In the Rust implementation (biscuit-rust), third-party blocks can be generated by sending a ThirdPartyBlock request that includes the public key of the previous block and the public keys from the token's symbol table. This design allows an attacker to forge a request by altering the publicKeys field in the request, substituting a legitimate public key with a keypair the attacker controls [1][2].
Exploitation
Method
An attacker who holds a token can create a new third-party block signed with their own keypair, then craft a ThirdPartyBlockRequest that replaces their public key with a different public key (e.g., that of another intended third-party authority). The third-party authority B, receiving this tampered request, will generate a block that appears to trust a legitimate key (e.g., pubkeyC) but actually resolves to the attacker's key (pubkeyD) due to the mismatch between the request's symbol table and the actual block content [3][4]. This exploitation does not require special network privileges beyond normal token propagation, and the attacker can trick the system without obtaining the real third-party block from the intended authority.
Impact
Successful exploitation allows an attacker to bypass the trust chain required for token validation. In the example provided, a token that demands a check thirdparty("c") trusting ${pubkeyC} can be satisfied with a block signed by the attacker's key, effectively making the attacker's token valid for resources that should only be accessible after obtaining a block from authority C [3][4]. This undermines the entire authorization model of Biscuit, as third-party trust annotations become untrustworthy.
Mitigation
Status
The vulnerability has been addressed by the Biscuit project in a security advisory. Users are strongly advised to update to the latest patched version of biscuit-rust [3][4]. No workaround is available other than applying the fix. The flaw is also listed in the NVD with a CVSS v4.0 score pending, and the advisory warns that tokens with third-party blocks containing trusted annotations generated through a third-party block request are directly impacted.
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
biscuit-authcrates.io | >= 4.0.0, < 5.0.0 | 5.0.0 |
Affected products
3- ghsa-coords2 versions
>= 4.0.0, < 5.0.0+ 1 more
- (no CPE)range: >= 4.0.0, < 5.0.0
- (no CPE)range: >= 0.3.0.0, < 0.4.0.0
- biscuit-auth/biscuit-rustv5Range: < 5.0.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- github.com/advisories/GHSA-p9w4-585h-g3c7ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-41949ghsaADVISORY
- github.com/biscuit-auth/biscuit-rust/security/advisories/GHSA-p9w4-585h-g3c7ghsax_refsource_CONFIRMWEB
- github.com/biscuit-auth/biscuit/security/advisories/GHSA-rgqv-mwc3-c78mghsaWEB
News mentions
0No linked articles in our index yet.