Headline
CVE-2022-23949: Keylime: Unsanitized UUIDs can lead to log spoofing
In Keylime before 6.3.0, unsanitized UUIDs can be passed by a rogue agent and can lead to log spoofing on the verifier and registrar.
Impact
Unsanitized UUIDs can be passed by a rogue agent and can lead to log spoofing on the verifier and registrar.
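The class of bug described above, as an added example that is not Keylime's code or its fix: an identifier received from an agent is checked against the canonical UUID form before it is logged, and rejected values are escaped so they cannot start a new log line. The advisory does not describe the spoofing vector; the example assumes control characters such as line breaks, and every function name and sample value is hypothetical.

```python
import logging
import re
import uuid

# Constructed sample values, not taken from the advisory.
GOOD = "123e4567-e89b-42d3-a456-426614174000"
BAD = GOOD + "\n2022-01-01 00:00:00 INFO forged entry"

# C0/C1 control characters and Unicode line separators.
_CONTROL = re.compile(r"[\x00-\x1f\x7f-\x9f\u2028\u2029]")


def is_valid_agent_id(value):
    """Accept only the canonical 36-character UUID text form."""
    if not isinstance(value, str) or len(value) != 36:
        return False
    try:
        # Round-trip comparison rejects braces, "urn:uuid:" and other
        # variants that uuid.UUID() would otherwise tolerate.
        return str(uuid.UUID(value)) == value.lower()
    except ValueError:
        return False


def neutralize(value, limit=64):
    """Escape control characters and truncate, keeping the value on one line."""
    text = _CONTROL.sub(lambda m: "\\u%04x" % ord(m.group()), str(value))
    return text[:limit] + ("..." if len(text) > limit else "")


def register_agent(agent_id, logger):
    """Hypothetical handler: validate the identifier before it reaches a log."""
    if not is_valid_agent_id(agent_id):
        logger.warning("rejected malformed agent id: %s", neutralize(agent_id))
        return False
    logger.info("registered agent %s", agent_id)
    return True


def demo():
    """Feed both samples to the handler and return the log lines emitted."""
    lines = []
    handler = logging.Handler()
    handler.emit = lambda record: lines.append(record.getMessage())
    logger = logging.getLogger("example.registrar")
    logger.setLevel(logging.INFO)
    logger.propagate = False
    logger.addHandler(handler)
    results = [register_agent(v, logger) for v in (GOOD, BAD)]
    logger.removeHandler(handler)
    return results, lines
```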
Patches
Users should upgrade to at least 6.3.x.
Workarounds
None.
Credit
Many thanks to Matthias Gerstner for finding this issue and to Alberto Planas for the fix.
For more information
If you have any questions or comments about this advisory:
- Email us at [email protected]
- Ask on the #keylime channel on the CNCF Slack