High severityNVD Advisory· Published Aug 25, 2023· Updated Nov 20, 2025
Keylime: challenge-response protocol bypass during agent registration
CVE-2023-38201
Description
A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier list by a legitimate user, resulting in a breach of the integrity of the registrar database.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
keylimePyPI | < 7.5.0 | 7.5.0 |
Affected products
13- cpe:/a:redhat:enterprise_linux:9::appstreamRange: 0:6.5.2-6.el9_2
- ghsa-coords12 versionspkg:pypi/keylimepkg:rpm/almalinux/keylimepkg:rpm/almalinux/keylime-basepkg:rpm/almalinux/keylime-registrarpkg:rpm/almalinux/keylime-selinuxpkg:rpm/almalinux/keylime-tenantpkg:rpm/almalinux/keylime-verifierpkg:rpm/almalinux/python3-keylimepkg:rpm/opensuse/keylime&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/keylime&distro=openSUSE%20Leap%2015.5pkg:rpm/suse/keylime&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4pkg:rpm/suse/keylime&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5
< 7.5.0+ 11 more
- (no CPE)range: < 7.5.0
- (no CPE)range: < 6.5.2-6.el9_2.alma.1
- (no CPE)range: < 6.5.2-6.el9_2.alma.1
- (no CPE)range: < 6.5.2-6.el9_2.alma.1
- (no CPE)range: < 6.5.2-6.el9_2.alma.1
- (no CPE)range: < 6.5.2-6.el9_2.alma.1
- (no CPE)range: < 6.5.2-6.el9_2.alma.1
- (no CPE)range: < 6.5.2-6.el9_2.alma.1
- (no CPE)range: < 6.3.2-150400.4.20.1
- (no CPE)range: < 6.3.2-150400.4.20.1
- (no CPE)range: < 6.3.2-150400.4.20.1
- (no CPE)range: < 6.3.2-150400.4.20.1
Patches
Vulnerability mechanics
References
9- access.redhat.com/errata/RHSA-2023:5080ghsavendor-advisoryx_refsource_REDHATWEB
- github.com/advisories/GHSA-f4r5-q63f-gcwwghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-38201ghsaADVISORY
- access.redhat.com/security/cve/CVE-2023-38201ghsavdb-entryx_refsource_REDHATWEB
- bugzilla.redhat.com/show_bug.cgighsaissue-trackingx_refsource_REDHATWEB
- github.com/keylime/keylime/commit/9e5ac9f25cd400b16d5969f531cee28290543f2aghsaWEB
- github.com/keylime/keylime/security/advisories/GHSA-f4r5-q63f-gcwwghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/keylime/PYSEC-2023-160.yamlghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZIZZB5NHNCS5D2AEH3ZAO6OQC72IK7WSghsaWEB
News mentions
0No linked articles in our index yet.