Home > Vulnerability Database > CVE-2023-3674

Mend.io Vulnerability Database

CVE-2023-3674

Good to know:

Date: July 19, 2023

A flaw was found in the keylime attestation verifier, which fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason. Instead, it will only emit an error in the log without flagging the device as untrusted.

Language: Python

Severity Score

2.3

Related Resources (8)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-3674

Url: https://github.com/keylime/keylime/commit/95ce3d86bd2c53009108ffda2dcf553312d733db

Url: https://github.com/pypa/advisory-database/tree/main/vulns/keylime/PYSEC-2023-128.yaml

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2222903

Url: https://access.redhat.com/security/cve/CVE-2023-3674

Url: https://github.com/keylime/keylime

Url: https://access.redhat.com/errata/RHSA-2024:1139

Url: https://www.mend.io/vulnerability-database/CVE-2023-3674

Severity Score

2.3

Weakness Type (CWE)

Mutable Attestation or Measurement Reporting Data

CWE-1283

Top Fix

Upgrade Version

Upgrade to version keylime - 7.2.5

Learn More

CVSS v3.1

Base Score:	2.3
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-3674

Good to know:

Date: July 19, 2023

Language: Python

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?