Authentication Bypass by Spoofing

CVE-2022-23949

High

7.5/10

Summary

In Keylime before 6.3.0, unsanitized UUIDs can be passed by a rogue agent and can lead to log spoofing on the verifier and registrar. NOTE: The affected versions of this package are not available in a package manager we support.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-290 - Authentication Bypass by Spoofing

This attack-focused weakness is caused by improperly implemented authentication schemes that are subject to spoofing attacks.

References

Advisory
Release Note
Pull request
Mail Thread

Advisory Timeline

Published Sep 21, 2022

Authentication Bypass by Spoofing

CVE-2022-23949

Summary

CWE-290 - Authentication Bypass by Spoofing

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS