CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-23950
https://notcve.org/view.php?id=CVE-2022-23950
In Keylime before 6.3.0, Revocation Notifier uses a fixed /tmp path for UNIX domain socket which can allow unprivileged users a method to prohibit keylime operations. En Keylime versiones anteriores a 6.3.0, el notificador de revocación usa una ruta /tmp fija para el socket de dominio UNIX que puede permitir a usuarios no privilegiado un método para prohibir las operaciones de Keylime • https://github.com/keylime/keylime/commit/ea5d0373fa2c050d5d95404eb779be7e8327b911 https://github.com/keylime/keylime/security/advisories/GHSA-9r9r-f8xc-m875 https://seclists.org/oss-sec/2022/q1/101 • CWE-379: Creation of Temporary File in Directory with Insecure Permissions CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-23949
https://notcve.org/view.php?id=CVE-2022-23949
In Keylime before 6.3.0, unsanitized UUIDs can be passed by a rogue agent and can lead to log spoofing on the verifier and registrar. En Keylime versiones anteriores a 6.3.0, los UUIDs no saneados pueden ser pasados por un agente deshonesto y pueden conllevar a una suplantación de registros en el verificador y el registrador • https://github.com/keylime/keylime/commit/387e320dc22c89f4f47c68cb37eb9eec2137f34b https://github.com/keylime/keylime/commit/65c2b737129b5837f4a03660aeb1191ced275a57 https://github.com/keylime/keylime/commit/e429e95329fc60608713ddfb82f4a92ee3b3d2d9 https://github.com/keylime/keylime/security/advisories/GHSA-87gh-qc28-j9mm https://seclists.org/oss-sec/2022/q1/101 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-43310
https://notcve.org/view.php?id=CVE-2021-43310
A vulnerability in Keylime before 6.3.0 allows an attacker to craft a request to the agent that resets the U and V keys as if the agent were being re-added to a verifier. This could lead to a remote code execution. Una vulnerabilidad en Keylime versiones anteriores a 6.3.0, permite a un atacante diseñar una petición al agente que restablezca las claves U y V como si el agente estuviera volviéndose a añadir a un verificador. Esto podría conllevar a una ejecución de código remota • https://github.com/keylime/keylime/security/advisories/GHSA-2m39-75g9-ff5r https://seclists.org/oss-sec/2022/q1/101 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-23948
https://notcve.org/view.php?id=CVE-2022-23948
A flaw was found in Keylime before 6.3.0. The logic in the Keylime agent for checking for a secure mount can be fooled by previously created unprivileged mounts allowing secrets to be leaked to other processes on the host. Se ha encontrado un fallo en Keylime versiones anteriores a 6.3.0. La lógica en el agente de Keylime para la comprobación de un montaje seguro puede ser engañada por montajes no privilegiados previamente creados, permitiendo que los secretos sean filtrados a otros procesos en el host • https://github.com/keylime/keylime/commit/1a4f31a6368d651222683c9debe7d6832db6f607 https://github.com/keylime/keylime/commit/d37c406e69cb6689baa2fb7964bad75209703724 https://github.com/keylime/keylime/security/advisories/GHSA-wj36-qcfg-5j52 https://seclists.org/oss-sec/2022/q1/101 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-1053
https://notcve.org/view.php?id=CVE-2022-1053
Keylime does not enforce that the agent registrar data is the same when the tenant uses it for validation of the EK and identity quote and the verifier for validating the integrity quote. This allows an attacker to use one AK, EK pair from a real TPM to pass EK validation and give the verifier an AK of a software TPM. A successful attack breaks the entire chain of trust because a not validated AK is used by the verifier. This issue is worse if the validation happens first and then the agent gets added to the verifier because the timing is easier and the verifier does not validate the regcount entry being equal to 1, Keylime no hace valer que los datos de registro del agente sean los mismos cuando el inquilino lo usa para la comprobación del EK y la cita de identidad y el verificador para comprobar la cita de integridad. Esto permite a un atacante usar un par AK, EK de un TPM real para pasar la comprobación del EK y dar al verificador un AK de un TPM de software. • https://bugzilla.redhat.com/show_bug.cgi?id=2065024%2C https://github.com/keylime/keylime/commit/bd5de712acdd77860e7dc58969181e16c7a8dc5d https://github.com/keylime/keylime/security/advisories/GHSA-jf66-3q76-h5p5%2C https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A7WAKVXM7L5D2DUACV6EHA6EJNAX2GVL https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RF6QHU4UGSBATC3HOOE7OP66CYVTR7CV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject& • CWE-20: Improper Input Validation •