CVE-2023-38201
Publication date 25 August 2023
Last updated 26 August 2025
Ubuntu priority
Description
A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier list by a legitimate user, resulting in a breach of the integrity of the registrar database.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| keylime | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Ignored end of standard support | |
| 16.04 LTS xenial | Ignored end of standard support | |
| 14.04 LTS trusty | Ignored end of standard support |
Severity score breakdown
CVSS version: CVSS v3.0
Base score
6.5 · Medium
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
References
Other references
- https://access.redhat.com/security/cve/CVE-2023-38201
- https://github.com/keylime/keylime/security/advisories/GHSA-f4r5-q63f-gcww
- https://github.com/keylime/keylime/commit/9e5ac9f25cd400b16d5969f531cee28290543f2a
- https://bugzilla.redhat.com/show_bug.cgi?id=2222693
- https://www.cve.org/CVERecord?id=CVE-2023-38201