Insecure Mount Logic in Keylime Agent Allows Secret Leakage

Insecure Mount Logic in Keylime Agent Allows Secret Leakage

CVE-2022-23948 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

A flaw was found in Keylime before 6.3.0. The logic in the Keylime agent for checking for a secure mount can be fooled by previously created unprivileged mounts allowing secrets to be leaked to other processes on the host.

Learn more about our Web Application Penetration Testing UK.