CVE-2023-45287: 
Grafana vulnerability analysis and mitigation

CVE-2023-45287 affects Go versions before 1.20, where RSA-based TLS key exchanges used the math/big library, which was not constant time. While RSA blinding was applied to prevent timing attacks, analysis revealed that the removal of PKCS#1 padding could leak timing information, potentially allowing attackers to recover session key bits. The vulnerability was discovered and disclosed in December 2023 (NVD, Go Project).

The vulnerability stems from the non-constant-time operations in the math/big library used for RSA-based TLS key exchanges. The timing side-channel could leak information during the removal of PKCS#1 padding, potentially exposing session key bits. The issue has a CVSS v3.1 base score of 7.5 (HIGH) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (NVD, Marvin Attack).

Successful exploitation of this vulnerability could allow attackers to decrypt RSA ciphertexts and forge signatures. For TLS servers using RSA encryption key exchanges, attackers could record sessions and decrypt them later. The vulnerability affects any system using Go's crypto/tls library for RSA operations before version 1.20 (Marvin Attack).

The vulnerability was fixed in Go 1.20, where the crypto/tls library switched to a fully constant-time RSA implementation. Users should upgrade to Go 1.20 or later versions. Additionally, it's recommended to disable RSA encryption ciphersuites and use forward-secure key exchange methods like Elliptic Curve Diffie-Hellman instead (Go Project, Marvin Attack).

The vulnerability has been dubbed the 'Marvin Attack' and has received significant attention in the security community. It represents a revival of the 25-year-old Bleichenbacher attack against RSA PKCS#1 v1.5 padding, demonstrating that even small timing differences can be exploitable in practice (Marvin Attack).