CVE-2021-3406

Опубликовано: 25 фев. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

A flaw was found in keylime 5.8.1 and older. The issue in the Keylime agent and registrar code invalidates the cryptographic chain of trust from the Endorsement Key certificate to agent attestations.

Ссылки

https://bugzilla.redhat.com/show_bug.cgi?id=1932469
Issue Tracking
Third Party Advisory
https://github.com/keylime/keylime/security/advisories/GHSA-78f8-6c68-375m
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YAWKEF2LVXUME266T6RNRVBGAD375QAT/
https://bugzilla.redhat.com/show_bug.cgi?id=1932469
Issue Tracking
Third Party Advisory
https://github.com/keylime/keylime/security/advisories/GHSA-78f8-6c68-375m
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YAWKEF2LVXUME266T6RNRVBGAD375QAT/

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:keylime:keylime:*:*:*:*:*:*:*:*

Версия до 5.8.1 (включая)

Конфигурация 2

cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

EPSS

Процентиль: 29%

0.00104

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-347

CWE-295