Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-g4wg-cfpf-9689

Опубликовано: 19 июл. 2023
Источник: github
Github: Прошло ревью
CVSS4: 4.6
CVSS3: 2.3

Описание

keylime fails to flag device as untrusted when signature does not validate

A flaw was found in the keylime attestation verifier, which fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason. Instead, it will only emit an error in the log without flagging the device as untrusted.

Пакеты

Наименование

keylime

pip
Затронутые версииВерсия исправления

< 7.2.5

7.2.5

EPSS

Процентиль: 4%
0.00021
Низкий

4.6 Medium

CVSS4

2.3 Low

CVSS3

Дефекты

CWE-1283

Связанные уязвимости

CVSS3: 2.3
redhat
около 2 лет назад

A flaw was found in the keylime attestation verifier, which fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason. Instead, it will only emit an error in the log without flagging the device as untrusted.

CVSS3: 2.3
nvd
около 2 лет назад

A flaw was found in the keylime attestation verifier, which fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason. Instead, it will only emit an error in the log without flagging the device as untrusted.

rocky
больше 1 года назад

Low: keylime security update

oracle-oval
больше 1 года назад

ELSA-2024-1139: keylime security update (LOW)

EPSS

Процентиль: 4%
0.00021
Низкий

4.6 Medium

CVSS4

2.3 Low

CVSS3

Дефекты

CWE-1283