Safety vulnerability ID: 64649
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Keylime 7.5.0 fixes CVE-2023-38201. The vulnerability, in the Keylime registrar, allowed an attacker to bypass the challenge-response protocol used during agent registration. By impersonating an agent and adding it to the verifier list, an attacker could compromise the integrity of the registrar database.
Latest version: 7.10.0
TPM-based key bootstrapping and system integrity measurement system for cloud
What's Changed
New features and significant changes:
* (Fix for [CVE-2023-38201](https://www.cvedetails.com/cve/CVE-2023-38201/), details in this [Security Advisory](https://github.com/keylime/keylime/security/advisories/GHSA-f4r5-q63f-gcww)) Challenge-response protocol between Registrar and (untrusted) Agent can be bypassed by an attacker by maugustosilva in https://github.com/keylime/keylime/commit/9e5ac9f25cd400b16d5969f531cee28290543f2a
* mba: Manage the number of measured boot attestations by niteeshkd in https://github.com/keylime/keylime/pull/1433
* tpm_cert_store: add the Alibaba Cloud vTPM EK x509 cert by Jingshui1037 in https://github.com/keylime/keylime/pull/1448
Bugfixes:
* verifier: close session in worker_webhook function by kkaarreell in https://github.com/keylime/keylime/pull/1456
* elchecking/example: add ignores for EV_PLATFORM_CONFIG_FLAGS by THS-on in https://github.com/keylime/keylime/pull/1450
* verifier: should read parameters from verifier.conf only by maugustosilva in https://github.com/keylime/keylime/pull/1458
* templates/2.0/mapping.json: fix the default registrar_port error in the verifier config by Jingshui1037 in https://github.com/keylime/keylime/pull/1441
Testing/CI:
* Update container build workflow actions by ansasaki in https://github.com/keylime/keylime/pull/1447
* installer.sh: use the -i parameter variable to set the default binding and listening IP for the agent, verifier, and registrar servers to 127.0.0.1 or 0.0.0.0 by Jingshui1037 in https://github.com/keylime/keylime/pull/1444
* requirements.txt: update the required sqlalchemy version to 1.3.12 and above by Jingshui1037 in https://github.com/keylime/keylime/pull/1454
Code cleanup
* codestyle: Fix access to possibly not available package 'rpm' (pyright) by stefanberger in https://github.com/keylime/keylime/pull/1443
Documentation
Administrative
* Monthly release (7.5.0) by maugustosilva in https://github.com/keylime/keylime/pull/1460
New Contributors
* niteeshkd made their first contribution in https://github.com/keylime/keylime/pull/1433
**Full Changelog**: https://github.com/keylime/keylime/compare/v7.4.0...v7.5.0