CVE-2022-3500

MEDIUM

keylime - Info Disclosure

Title source: llm

Description

A vulnerability was found in keylime. This security issue happens in some circumstances, due to some improperly handled exceptions, there exists the possibility that a rogue agent could create errors on the verifier that stopped attestation attempts for that host leaving it in an attested state but not verifying that anymore.

References (5)

[Third Party Advisory] https://access.redhat.com/security/cve/CVE-2022-3500

[Issue Tracking, Patch, Third Party Advisory] https://github.com/keylime/keylime/pull/1128

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PUTHMDVFNGGVPCNPOGULMJAAFEP7MEXP/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QX4XVCAUFGJ2I2NCTOKONTJGRJB2NBBT/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQH5CJRX65QYMQN5WGUKKKE3IRJBWG5Z/

Scores

CVSS v3 5.1

EPSS 0.0015

EPSS Percentile 35.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-248

Status published

Affected Products (6)

keylime/keylime < 6.5.1

redhat/enterprise_linux

fedoraproject/fedora

fedoraproject/fedora

fedoraproject/fedora

pypi/keylime < 6.5.1PyPI

Timeline

Published Nov 22, 2022

Tracked Since Feb 18, 2026