CVE-2022-23952 - OpenCVE

In Keylime before 6.3.0, current keylime installer installs the keylime.conf file, which can contain sensitive data, as world-readable.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Keylime	Keylime

Configuration 1 [-]

cpe:2.3:a:keylime:keylime:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/keylime/keylime/commit/883085d6a4bcea3012729014d5b8e15ecd65fc7c	Patch Third Party Advisory
https://github.com/keylime/keylime/security/advisories/GHSA-fchm-5w2v-qfm8	Third Party Advisory
https://seclists.org/oss-sec/2022/q1/101	Exploit Mailing List Patch Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: fedora

Published: 2022-09-21T18:25:13

Updated: 2022-09-21T18:25:13

Reserved: 2022-01-25T00:00:00

Link: CVE-2022-23952

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-09-21T19:15:10.337

Modified: 2022-12-21T15:01:19.963

Link: CVE-2022-23952

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "keylime", "vendor": "n/a", "versions": [{"status": "affected", "version": "keylime 6.3.0"}]}], "descriptions": [{"lang": "en", "value": "In Keylime before 6.3.0, current keylime installer installs the keylime.conf file, which can contain sensitive data, as world-readable."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-21T18:25:13", "orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://seclists.org/oss-sec/2022/q1/101"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/keylime/keylime/security/advisories/GHSA-fchm-5w2v-qfm8"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/keylime/keylime/commit/883085d6a4bcea3012729014d5b8e15ecd65fc7c"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "patrick@puiterwijk.org", "ID": "CVE-2022-23952", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "keylime", "version": {"version_data": [{"version_value": "keylime 6.3.0"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Keylime before 6.3.0, current keylime installer installs the keylime.conf file, which can contain sensitive data, as world-readable."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-200"}]}]}, "references": {"reference_data": [{"name": "https://seclists.org/oss-sec/2022/q1/101", "refsource": "MISC", "url": "https://seclists.org/oss-sec/2022/q1/101"}, {"name": "https://github.com/keylime/keylime/security/advisories/GHSA-fchm-5w2v-qfm8", "refsource": "MISC", "url": "https://github.com/keylime/keylime/security/advisories/GHSA-fchm-5w2v-qfm8"}, {"name": "https://github.com/keylime/keylime/commit/883085d6a4bcea3012729014d5b8e15ecd65fc7c", "refsource": "MISC", "url": "https://github.com/keylime/keylime/commit/883085d6a4bcea3012729014d5b8e15ecd65fc7c"}]}}}}, "cveMetadata": {"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "assignerShortName": "fedora", "cveId": "CVE-2022-23952", "datePublished": "2022-09-21T18:25:13", "dateReserved": "2022-01-25T00:00:00", "dateUpdated": "2022-09-21T18:25:13", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}