PYSEC-2022-42995 — Vulnetix

PYSEC-2022-42995 PUBLISHED

A vulnerability was found in keylime. This security issue happens in some circumstances, due to some improperly handled exceptions, there exists the possibility that a rogue agent could create errors on the verifier that stopped attestation attempts for that host leaving it in an attested state but not verifying that anymore.

Affected Products

Vendor	Product	Versions
PyPI	keylime	0, 6.3.1, 6.4.0

Timeline

Nov 22, 2022 CVE Published
Nov 8, 2023 CVE Updated

References

https://github.com/keylime/keylime/pull/1128 fix
https://access.redhat.com/security/cve/CVE-2022-3500 advisory

Open in Interactive Console →