Vulnerability Details CVE-2023-38201
A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier list by a legitimate user, resulting in a breach of the integrity of the registrar database.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 3.7%
CVSS Severity
CVSS v3 Score 6.5
References
- https://access.redhat.com/errata/RHSA-2023:5080
- https://access.redhat.com/security/cve/CVE-2023-38201
- https://bugzilla.redhat.com/show_bug.cgi?id=2222693
- https://github.com/keylime/keylime/commit/9e5ac9f25cd400b16d5969f531cee28290543f2a
- https://github.com/keylime/keylime/security/advisories/GHSA-f4r5-q63f-gcww
- https://access.redhat.com/errata/RHSA-2023:5080
- https://access.redhat.com/security/cve/CVE-2023-38201
- https://bugzilla.redhat.com/show_bug.cgi?id=2222693
- https://github.com/keylime/keylime/commit/9e5ac9f25cd400b16d5969f531cee28290543f2a
- https://github.com/keylime/keylime/security/advisories/GHSA-f4r5-q63f-gcww
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZIZZB5NHNCS5D2AEH3ZAO6OQC72IK7WS/
Products affected by CVE-2023-38201
-
cpe:2.3:a:keylime:keylime:-
-
cpe:2.3:a:keylime:keylime:2.0
-
cpe:2.3:a:keylime:keylime:2.1
-
cpe:2.3:a:keylime:keylime:2.1.1
-
cpe:2.3:a:keylime:keylime:2.2
-
cpe:2.3:a:keylime:keylime:2.3
-
cpe:2.3:a:keylime:keylime:2.3.1
-
cpe:2.3:a:keylime:keylime:2.3.2
-
cpe:2.3:a:keylime:keylime:2.3.3
-
cpe:2.3:a:keylime:keylime:2.3.4
-
cpe:2.3:a:keylime:keylime:3.0.0
-
cpe:2.3:a:keylime:keylime:3.1.0
-
cpe:2.3:a:keylime:keylime:3.1.1
-
cpe:2.3:a:keylime:keylime:4.0.0
-
cpe:2.3:a:keylime:keylime:4.0.1
-
cpe:2.3:a:keylime:keylime:5.0.0
-
cpe:2.3:a:keylime:keylime:5.1.0
-
cpe:2.3:a:keylime:keylime:5.2.0
-
cpe:2.3:a:keylime:keylime:5.3.0
-
cpe:2.3:a:keylime:keylime:5.3.1
-
cpe:2.3:a:keylime:keylime:5.4.0
-
cpe:2.3:a:keylime:keylime:5.4.1
-
cpe:2.3:a:keylime:keylime:5.5.0
-
cpe:2.3:a:keylime:keylime:5.6.0
-
cpe:2.3:a:keylime:keylime:5.6.1
-
cpe:2.3:a:keylime:keylime:5.6.2
-
cpe:2.3:a:keylime:keylime:5.7.0
-
cpe:2.3:a:keylime:keylime:5.7.1
-
cpe:2.3:a:keylime:keylime:5.7.2
-
cpe:2.3:a:keylime:keylime:5.7.3
-
cpe:2.3:a:keylime:keylime:5.8.0
-
cpe:2.3:a:keylime:keylime:5.8.1
-
cpe:2.3:a:keylime:keylime:6.0.0
-
cpe:2.3:a:keylime:keylime:6.0.1
-
cpe:2.3:a:keylime:keylime:6.1.0
-
cpe:2.3:a:keylime:keylime:6.1.1
-
cpe:2.3:a:keylime:keylime:6.2.0
-
cpe:2.3:a:keylime:keylime:6.2.1
-
cpe:2.3:a:keylime:keylime:6.3.0
-
cpe:2.3:a:keylime:keylime:6.3.1
-
cpe:2.3:a:keylime:keylime:6.3.2
-
cpe:2.3:a:keylime:keylime:6.4.0
-
cpe:2.3:a:keylime:keylime:6.4.1
-
cpe:2.3:a:keylime:keylime:6.4.2
-
cpe:2.3:a:keylime:keylime:6.4.3
-
cpe:2.3:a:keylime:keylime:6.5.0
-
cpe:2.3:a:keylime:keylime:6.5.1
-
cpe:2.3:a:keylime:keylime:6.5.2
-
cpe:2.3:a:keylime:keylime:6.5.3
-
cpe:2.3:a:keylime:keylime:6.6.0
-
cpe:2.3:a:keylime:keylime:6.7.0
-
cpe:2.3:a:keylime:keylime:7.0.0
-
cpe:2.3:a:keylime:keylime:7.2.5
-
cpe:2.3:a:keylime:keylime:7.3.0
-
cpe:2.3:a:keylime:keylime:7.4.0
-
cpe:2.3:o:fedoraproject:fedora:38
-
cpe:2.3:o:redhat:enterprise_linux:9.0
-
cpe:2.3:o:redhat:enterprise_linux_eus:9.2
-
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x
-
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x
-
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le
-
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le
-
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2