Alberto Planas

3 exploits, active since Sep 2022
CVE-2022-23948 HIGH WRITEUP
Keylime <6.3.0 - Info Disclosure
A flaw was found in Keylime before 6.3.0. The logic in the Keylime agent for checking for a secure mount can be fooled by previously created unprivileged mounts, allowing secrets to be leaked to other processes on the host.
CVSS 7.5
CVE-2022-23949 HIGH WRITEUP
Keylime <6.3.0 - Info Disclosure
In Keylime before 6.3.0, unsanitized UUIDs can be passed by a rogue agent and can lead to log spoofing on the verifier and registrar.
CVSS 7.5
CVE-2022-23950 HIGH WRITEUP
Keylime <6.3.0 - Privilege Escalation
In Keylime before 6.3.0, the Revocation Notifier uses a fixed /tmp path for its UNIX domain socket, which can allow unprivileged users to prohibit Keylime operations.
CVSS 7.5