Lucene search

K

GoogleOSV:CVE-2022-3500

HistoryNov 22, 2022 - 7:15 p.m.

CVE-2022-3500

2022-11-2219:15:17

Google

osv.dev

8

vulnerability

keylime

attestation

CVSS3

5.1

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

5

Confidence

High

EPSS

0.001

Percentile

35.3%

A vulnerability was found in keylime. This security issue happens in some circumstances, due to some improperly handled exceptions, there exists the possibility that a rogue agent could create errors on the verifier that stopped attestation attempts for that host leaving it in an attested state but not verifying that anymore.

References

access.redhat.com/security/cve/CVE-2022-3500

github.com/keylime/keylime/pull/1128

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PUTHMDVFNGGVPCNPOGULMJAAFEP7MEXP/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QX4XVCAUFGJ2I2NCTOKONTJGRJB2NBBT/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQH5CJRX65QYMQN5WGUKKKE3IRJBWG5Z/

CVSS3

5.1

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

5

Confidence

High

EPSS

0.001

Percentile

35.3%

Related for OSV:CVE-2022-3500

openvas4 nessus8 oraclelinux1 fedora3 cve1 osv4 cvelist1 almalinux1 github1 prion1 rocky1 veracode1 redhatcve1 redhat1 nvd1