CVE-2022-23948

A flaw was found in Keylime before 6.3.0. The logic in the Keylime agent for checking for a secure mount can be fooled by previously created unprivileged mounts allowing secrets to be leaked to other processes on the host.
Configurations

Configuration 1 (hide)

cpe:2.3:a:keylime:keylime:*:*:*:*:*:*:*:*

History

22 Sep 2022, 16:23

Type Values Removed Values Added
References (MISC) https://github.com/keylime/keylime/security/advisories/GHSA-wj36-qcfg-5j52 - (MISC) https://github.com/keylime/keylime/security/advisories/GHSA-wj36-qcfg-5j52 - Third Party Advisory
References (MISC) https://github.com/keylime/keylime/commit/1a4f31a6368d651222683c9debe7d6832db6f607 - (MISC) https://github.com/keylime/keylime/commit/1a4f31a6368d651222683c9debe7d6832db6f607 - Patch, Third Party Advisory
References (MISC) https://github.com/keylime/keylime/commit/d37c406e69cb6689baa2fb7964bad75209703724 - (MISC) https://github.com/keylime/keylime/commit/d37c406e69cb6689baa2fb7964bad75209703724 - Patch, Third Party Advisory
References (MISC) https://seclists.org/oss-sec/2022/q1/101 - (MISC) https://seclists.org/oss-sec/2022/q1/101 - Exploit, Mailing List, Patch, Third Party Advisory
First Time Keylime
Keylime keylime
CPE cpe:2.3:a:keylime:keylime:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
CWE NVD-CWE-noinfo

21 Sep 2022, 19:39

Type Values Removed Values Added
New CVE

Information

Published : 2022-09-21 19:15

Updated : 2023-12-10 14:35


NVD link : CVE-2022-23948

Mitre link : CVE-2022-23948

CVE.ORG link : CVE-2022-23948


JSON object : View

Products Affected

keylime

  • keylime
CWE
NVD-CWE-noinfo CWE-200

Exposure of Sensitive Information to an Unauthorized Actor