CVE-2022-3500

CVSS V2 None CVSS V3 None
Description
A vulnerability was found in keylime. This security issue happens in some circumstances, due to some improperly handled exceptions, there exists the possibility that a rogue agent could create errors on the verifier that stopped attestation attempts for that host leaving it in an attested state but not verifying that anymore.
Overview
  • CVE ID
  • CVE-2022-3500
  • Assigner
  • secalert@redhat.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2022-11-22T19:15:17
  • Last Modified Date
  • 2023-02-01T16:00:55
Weakness Enumerations
CWE URL
CWE-248 http://cwe.mitre.org/data/definitions/248.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:keylime:keylime:*:*:*:*:*:*:*:* 1 OR 6.5.1
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* 1 OR
References
Reference URL Reference Tags
https://access.redhat.com/security/cve/CVE-2022-3500 Third Party Advisory
https://github.com/keylime/keylime/pull/1128 Issue Tracking Patch Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PUTHMDVFNGGVPCNPOGULMJAAFEP7MEXP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QX4XVCAUFGJ2I2NCTOKONTJGRJB2NBBT/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQH5CJRX65QYMQN5WGUKKKE3IRJBWG5Z/
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2022-3500
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3500
History
Created Old Value New Value Data Type Notes
2022-11-22 20:00:11 Added to TrackCVE
2022-12-07 17:59:56 2022-11-22T19:15Z 2022-11-22T19:15:17 CVE Published Date updated
2022-12-07 17:59:56 2022-11-28T18:04:58 CVE Modified Date updated
2022-12-07 17:59:56 Analyzed Vulnerability Status updated
2022-12-07 17:59:58 CPE Information updated
2022-12-11 05:15:21 2022-12-11T04:15:10 CVE Modified Date updated
2022-12-11 05:15:21 Analyzed Modified Vulnerability Status updated
2022-12-11 05:15:23 References updated
2022-12-11 07:14:54 Modified Undergoing Analysis Vulnerability Status updated
2022-12-19 03:15:27 2022-12-19T03:15:10 CVE Modified Date updated
2022-12-19 03:15:29 References updated
2023-02-01 17:14:03 2023-02-01T16:00:55 CVE Modified Date updated
2023-02-01 17:14:03 Undergoing Analysis Analyzed Vulnerability Status updated