Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-af9x-v3fm-3ffh
Vulnerability ID VCID-af9x-v3fm-3ffh
Aliases GHSA-27jc-jmp8-qfw5
Summary Duplicate Advisory: Keylime Missing Authentication for Critical Function and Improper Authentication ### Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4jqp-9qjv-57m2. This link is maintained to preserve external references. ### Original Description A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing agents, retrieving public Trusted Platform Module (TPM) data, and deleting agents, by connecting without presenting a client certificate.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-322 Key Exchange without Entity Authentication
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
There are no known severity scores.
Reference id Reference type URL
https://access.redhat.com/errata/RHSA-2026:2224
https://access.redhat.com/errata/RHSA-2026:2225
https://bugzilla.redhat.com/show_bug.cgi?id=2435514
CVE-2026-1709 https://nvd.nist.gov/vuln/detail/CVE-2026-1709
GHSA-27jc-jmp8-qfw5 https://github.com/advisories/GHSA-27jc-jmp8-qfw5
No exploits are available.
There are no known vectors.

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2026-06-02T04:50:01.345952+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/keylime/GHSA-27jc-jmp8-qfw5.yml 38.6.0