CVE-2022-23948
Severity CVSS v4.0:
Pending analysis
Type:
CWE-200
Information Leak / Disclosure
Publication date:
21/09/2022
Last modified:
29/05/2025
Description
A flaw was found in Keylime before 6.3.0. The logic in the Keylime agent for checking for a secure mount can be fooled by previously created unprivileged mounts allowing secrets to be leaked to other processes on the host.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:keylime:keylime:*:*:*:*:*:*:*:* | 6.3.0 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://github.com/keylime/keylime/commit/1a4f31a6368d651222683c9debe7d6832db6f607
- https://github.com/keylime/keylime/commit/d37c406e69cb6689baa2fb7964bad75209703724
- https://github.com/keylime/keylime/security/advisories/GHSA-wj36-qcfg-5j52
- https://seclists.org/oss-sec/2022/q1/101
- https://github.com/keylime/keylime/commit/1a4f31a6368d651222683c9debe7d6832db6f607
- https://github.com/keylime/keylime/commit/d37c406e69cb6689baa2fb7964bad75209703724
- https://github.com/keylime/keylime/security/advisories/GHSA-wj36-qcfg-5j52
- https://seclists.org/oss-sec/2022/q1/101