Design/Logic Flaw

2022-09-2119:15:00

PRIOn knowledge base

www.prio-n.com

8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.6%

In Keylime before 6.3.0, current keylime installer installs the keylime.conf file, which can contain sensitive data, as world-readable.

CPENameOperatorVersion
keylimelt6.3.0

CPE	Name	Operator	Version
	keylime	lt	6.3.0

References

github.com/keylime/keylime/commit/883085d6a4bcea3012729014d5b8e15ecd65fc7c

github.com/keylime/keylime/security/advisories/GHSA-fchm-5w2v-qfm8

seclists.org/oss-sec/2022/q1/101