CVE-2023-38201
Publication date 25 August 2023
Last updated 24 July 2024
Ubuntu priority
Cvss 3 Severity Score
A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier list by a legitimate user, resulting in a breach of the integrity of the registrar database.
Status
Package | Ubuntu Release | Status |
---|---|---|
keylime | ||
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic | Ignored end of standard support | |
16.04 LTS xenial | Ignored end of standard support | |
14.04 LTS trusty | Ignored end of standard support |
Severity score breakdown
Parameter | Value |
---|---|
Base score |
|
Attack vector | Adjacent |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | High |
Availability impact | None |
Vector | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
References
Other references
- https://access.redhat.com/security/cve/CVE-2023-38201
- https://github.com/keylime/keylime/security/advisories/GHSA-f4r5-q63f-gcww
- https://github.com/keylime/keylime/commit/9e5ac9f25cd400b16d5969f531cee28290543f2a
- https://bugzilla.redhat.com/show_bug.cgi?id=2222693
- https://www.cve.org/CVERecord?id=CVE-2023-38201