PYSEC-2023-128

🗓️ 19 Jul 2023 19:00:15Reported by GoogleType

osv🔗 osv.dev👁 13 Views

Flaw in keylime attestation verifier, fails to flag faulty TPM quote signature, emits error in log without untrusted device fla

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 22
Vulnrichment	CVE-2023-3674 Keylime: attestation failure when the quote's signature does not validate	19 Jul 202318:25	–	vulnrichment
Prion	Design/Logic Flaw	19 Jul 202319:15	–	prion
OSV	CVE-2023-3674	19 Jul 202319:15	–	osv
OSV	keylime fails to flag device as untrusted when signature does not validate	19 Jul 202321:30	–	osv
OSV	RHSA-2024:1139 Red Hat Security Advisory: keylime security update	16 Sep 202417:05	–	osv
OSV	OPENSUSE-SU-2024:14051-1 keylime-config-7.11.0-1.1 on GA media	17 Jun 202400:00	–	osv
OSV	RLSA-2024:1139 Low: keylime security update	10 May 202414:32	–	osv
OSV	Low: keylime security update	5 Mar 202400:00	–	osv
Tenable Nessus	Rocky Linux 9 : keylime (RLSA-2024:1139)	14 May 202400:00	–	nessus
Tenable Nessus	Oracle Linux 9 : keylime (ELSA-2024-1139)	6 Mar 202400:00	–	nessus

Source	Link
access	www.access.redhat.com/security/cve/CVE-2023-3674
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
github	www.github.com/keylime/keylime/commit/95ce3d86bd2c53009108ffda2dcf553312d733db

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

19 Jul 2023 19:15Current

6.9Medium risk

Vulners AI Score6.9

CVSS32.3 - 2.8

EPSS0.00021

SSVC