CVE Tools

keylime

Security Productsoss-project

6

Cumulative CVEs

1

Monthly snapshots

#91

Peak rank

Top products

Latest CVEs

The 13 most recently published vulnerabilities affecting keylime.

CVE-2026-1709Keylime: keylime: authentication bypass allows unauthorized administrative operations due to missing client-side tls authentication9.4Feb 6, 2026
CVE-2023-38201Keylime: challenge-response protocol bypass during agent registration6.5Aug 25, 2023
CVE-2023-38200Keylime: registrar is subject to a dos against ssl connections7.5Jul 24, 2023
CVE-2023-3674Keylime: attestation failure when the quote's signature does not validate2.3Jul 19, 2023
CVE-2022-3500A vulnerability was found in keylime. This security issue happens in some circumstances, due to some improperly handled exceptions, there exists the possibility that a rogue agent could create erro...5.1Nov 22, 2022
CVE-2022-23952In Keylime before 6.3.0, current keylime installer installs the keylime.conf file, which can contain sensitive data, as world-readable.7.5Sep 21, 2022
CVE-2022-23951In Keylime before 6.3.0, quote responses from the agent can contain possibly untrusted ZIP data which can lead to zip bombs.5.5Sep 21, 2022
CVE-2022-23950In Keylime before 6.3.0, Revocation Notifier uses a fixed /tmp path for UNIX domain socket which can allow unprivileged users a method to prohibit keylime operations.7.5Sep 21, 2022
CVE-2022-23949In Keylime before 6.3.0, unsanitized UUIDs can be passed by a rogue agent and can lead to log spoofing on the verifier and registrar.7.5Sep 21, 2022
CVE-2021-43310A vulnerability in Keylime before 6.3.0 allows an attacker to craft a request to the agent that resets the U and V keys as if the agent were being re-added to a verifier. This could lead to a remot...9.8Sep 21, 2022
CVE-2022-23948A flaw was found in Keylime before 6.3.0. The logic in the Keylime agent for checking for a secure mount can be fooled by previously created unprivileged mounts allowing secrets to be leaked to oth...7.5Sep 21, 2022
CVE-2022-1053Keylime does not enforce that the agent registrar data is the same when the tenant uses it for validation of the EK and identity quote and the verifier for validating the integrity quote. This allo...9.1May 6, 2022
CVE-2021-3406A flaw was found in keylime 5.8.1 and older. The issue in the Keylime agent and registrar code invalidates the cryptographic chain of trust from the Endorsement Key certificate to agent attestations.9.8Feb 25, 2021