{"id":"PYSEC-2022-42995","details":"A vulnerability was found in keylime. This security issue happens in some circumstances, due to some improperly handled exceptions, there exists the possibility that a rogue agent could create errors on the verifier that stopped attestation attempts for that host leaving it in an attested state but not verifying that anymore.","aliases":["CVE-2022-3500","GHSA-hff2-x2j9-gxgv"],"modified":"2023-11-08T04:09:49.807027Z","published":"2022-11-22T19:15:00Z","references":[{"type":"WEB","url":"https://github.com/keylime/keylime/pull/1128"},{"type":"WEB","url":"https://access.redhat.com/security/cve/CVE-2022-3500"}],"affected":[{"package":{"name":"keylime","ecosystem":"PyPI","purl":"pkg:pypi/keylime"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.5.1"}]}],"versions":["6.3.1","6.3.2","6.4.0","6.4.1","6.4.2","6.4.3","6.5.0"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/keylime/PYSEC-2022-42995.yaml"}}],"schema_version":"1.7.3"}