{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36530?format=json","vulnerability_id":"VCID-brn1-4b8e-kqhf","summary":"A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier list by a legitimate user, resulting in a breach of the integrity of the registrar database.","aliases":[{"alias":"CVE-2023-38201"},{"alias":"GHSA-f4r5-q63f-gcww"},{"alias":"PYSEC-2023-160"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35345?format=json","purl":"pkg:pypi/keylime@7.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mqxg-478p-23cn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/keylime@7.5.0"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27719?format=json","purl":"pkg:pypi/keylime@6.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bkzk-g3pz-6ka5"},{"vulnerability":"VCID-brn1-4b8e-kqhf"},{"vulnerability":"VCID-e4rm-c82g-fbff"},{"vulnerability":"VCID-mqxg-478p-23cn"},{"vulnerability":"VCID-v57m-t456-xkfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/keylime@6.3.1"},{"url":"http://public2.vulnerablecode.io/api/packages/27720?format=json","purl":"pkg:pypi/keylime@6.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bkzk-g3pz-6ka5"},{"vulnerability":"VCID-brn1-4b8e-kqhf"},{"vulnerability":"VCID-e4rm-c82g-fbff"},{"vulnerability":"VCID-mqxg-478p-23cn"},{"vulnerability":"VCID-v57m-t456-xkfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/keylime@6.3.2"},{"url":"http://public2.vulnerablecode.io/api/packages/27721?format=json","purl":"pkg:pypi/keylime@6.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bkzk-g3pz-6ka5"},{"vulnerability":"VCID-brn1-4b8e-kqhf"},{"vulnerability":"VCID-mqxg-478p-23cn"},{"vulnerability":"VCID-v57m-t456-xkfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/keylime@6.4.0"},{"url":"http://public2.vulnerablecode.io/api/packages/29864?format=json","purl":"pkg:pypi/keylime@6.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bkzk-g3pz-6ka5"},{"vulnerability":"VCID-brn1-4b8e-kqhf"},{"vulnerability":"VCID-mqxg-478p-23cn"},{"vulnerability":"VCID-v57m-t456-xkfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/keylime@6.4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/29865?format=json","purl":"pkg:pypi/keylime@6.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bkzk-g3pz-6ka5"},{"vulnerability":"VCID-brn1-4b8e-kqhf"},{"vulnerability":"VCID-mqxg-478p-23cn"},{"vulnerability":"VCID-v57m-t456-xkfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/keylime@6.4.2"},{"url":"http://public2.vulnerablecode.io/api/packages/29866?format=json","purl":"pkg:pypi/keylime@6.4.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bkzk-g3pz-6ka5"},{"vulnerability":"VCID-brn1-4b8e-kqhf"},{"vulnerability":"VCID-mqxg-478p-23cn"},{"vulnerability":"VCID-v57m-t456-xkfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/keylime@6.4.3"},{"url":"http://public2.vulnerablecode.io/api/packages/29867?format=json","purl":"pkg:pypi/keylime@6.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bkzk-g3pz-6ka5"},{"vulnerability":"VCID-brn1-4b8e-kqhf"},{"vulnerability":"VCID-mqxg-478p-23cn"},{"vulnerability":"VCID-v57m-t456-xkfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/keylime@6.5.0"},{"url":"http://public2.vulnerablecode.io/api/packages/29868?format=json","purl":"pkg:pypi/keylime@6.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-brn1-4b8e-kqhf"},{"vulnerability":"VCID-mqxg-478p-23cn"},{"vulnerability":"VCID-v57m-t456-xkfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/keylime@6.5.1"},{"url":"http://public2.vulnerablecode.io/api/packages/35017?format=json","purl":"pkg:pypi/keylime@6.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-brn1-4b8e-kqhf"},{"vulnerability":"VCID-mqxg-478p-23cn"},{"vulnerability":"VCID-v57m-t456-xkfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/keylime@6.5.2"},{"url":"http://public2.vulnerablecode.io/api/packages/35018?format=json","purl":"pkg:pypi/keylime@6.5.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-brn1-4b8e-kqhf"},{"vulnerability":"VCID-mqxg-478p-23cn"},{"vulnerability":"VCID-v57m-t456-xkfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/keylime@6.5.3"},{"url":"http://public2.vulnerablecode.io/api/packages/35019?format=json","purl":"pkg:pypi/keylime@6.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-brn1-4b8e-kqhf"},{"vulnerability":"VCID-mqxg-478p-23cn"},{"vulnerability":"VCID-v57m-t456-xkfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/keylime@6.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/35020?format=json","purl":"pkg:pypi/keylime@6.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-brn1-4b8e-kqhf"},{"vulnerability":"VCID-mqxg-478p-23cn"},{"vulnerability":"VCID-v57m-t456-xkfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/keylime@6.8.0"},{"url":"http://public2.vulnerablecode.io/api/packages/35021?format=json","purl":"pkg:pypi/keylime@7.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-brn1-4b8e-kqhf"},{"vulnerability":"VCID-mqxg-478p-23cn"},{"vulnerability":"VCID-v57m-t456-xkfd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/keylime@7.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/35022?format=json","purl":"pkg:pypi/keylime@7.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-brn1-4b8e-kqhf"},{"vulnerability":"VCID-mqxg-478p-23cn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/keylime@7.2.5"},{"url":"http://public2.vulnerablecode.io/api/packages/35343?format=json","purl":"pkg:pypi/keylime@7.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-brn1-4b8e-kqhf"},{"vulnerability":"VCID-mqxg-478p-23cn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/keylime@7.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/35344?format=json","purl":"pkg:pypi/keylime@7.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-brn1-4b8e-kqhf"},{"vulnerability":"VCID-mqxg-478p-23cn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/keylime@7.4.0"}],"references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5080","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5080"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-38201","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/security/cve/CVE-2023-38201"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2222693","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2222693"},{"reference_url":"https://github.com/keylime/keylime","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/keylime/keylime"},{"reference_url":"https://github.com/keylime/keylime/commit/9e5ac9f25cd400b16d5969f531cee28290543f2a","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://github.com/keylime/keylime/commit/9e5ac9f25cd400b16d5969f531cee28290543f2a"},{"reference_url":"https://github.com/keylime/keylime/security/advisories/GHSA-f4r5-q63f-gcww","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://github.com/keylime/keylime/security/advisories/GHSA-f4r5-q63f-gcww"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/keylime/PYSEC-2023-160.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/keylime/PYSEC-2023-160.yaml"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZIZZB5NHNCS5D2AEH3ZAO6OQC72IK7WS","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZIZZB5NHNCS5D2AEH3ZAO6OQC72IK7WS"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38201","reference_id":"CVE-2023-38201","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38201"},{"reference_url":"https://github.com/advisories/GHSA-f4r5-q63f-gcww","reference_id":"GHSA-f4r5-q63f-gcww","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-f4r5-q63f-gcww"}],"weaknesses":[{"cwe_id":639,"name":"Authorization Bypass Through User-Controlled Key","description":"The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."}],"exploits":[],"severity_range_score":"6.5 - 6.5","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-brn1-4b8e-kqhf"}