CVE-2022-23952

CVE-2022-23952

Vendor N/A

Product keylime

Weakness CWE-200 · Info exposure

Published September 21, 2022

Last update May 22, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

In Keylime before 6.3.0, current keylime installer installs the keylime.conf file, which can contain sensitive data, as world-readable.

Key dates

02Disclosure timeline

September 21, 2022 CVE published

May 22, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-23952 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

04Related CVE

CVE-2023-31280 Exposure of Sensitive Information to an Unauthorized Actor CVE-2025-8305 Information Disclosure in Identity Agent Debug Files CVE-2020-6653 Sensitive date stored in logcat file CVE-2025-12129 CubeWP – All-in-One Dynamic Content Framework <= 1.1.27 - Unauthenticated Information Exposure CVE-2026-1060 WP Adminify <= 4.0.7.7 - Unauthenticated Sensitive Information Exposure via 'get-addons-list' REST API