Lucene search
GoogleOSV:CVE-2022-23948HistorySep 21, 2022 - 7:15 p.m.
CVE-2022-23948
2022-09-2119:15:09
Google
osv.dev
5
keylime
security flaw
mounts
secrets leaked
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
6.6
Confidence
Low
EPSS
0.001
Percentile
49.2%
A flaw was found in Keylime before 6.3.0. The logic in the Keylime agent for checking for a secure mount can be fooled by previously created unprivileged mounts allowing secrets to be leaked to other processes on the host.
Related
cvelist
cvelist
CVE-2022-23948
2022-09-21 18:23:36
cve
cve
CVE-2022-23948
2022-09-21 19:15:09
nvd
nvd
CVE-2022-23948
2022-09-21 19:15:09
prion
prion
Command injection
2022-09-21 19:15:00
ubuntucve
ubuntucve
CVE-2022-23948
2022-09-21 00:00:00
fedora
fedora
[SECURITY] Fedora 35 Update: keylime-6.3.0-2.fc35
2022-02-04 01:25:14
[SECURITY] Fedora 34 Update: keylime-6.3.0-2.fc34
2022-02-04 01:24:28
openvas
openvas
Fedora: Security Advisory for keylime (FEDORA-2022-dbb274913a)
2022-02-04 00:00:00
Fedora: Security Advisory for keylime (FEDORA-2022-5770dad5f8)
2022-02-04 00:00:00
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
6.6
Confidence
Low
EPSS
0.001
Percentile
49.2%
Related for OSV:CVE-2022-23948