CVE-2023-33959
8.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Summary
notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry can cause users to verify the wrong artifact. The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade their notation-go library to v1.0.0-rc.6 or above. Users unable to upgrade may restrict container registries to a set of secure and trusted container registries.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| notaryproject | notation-go | < 1.0.0-rc.6 | affected |
Weaknesses
- CWE-347: CWE-347: Improper Verification of Cryptographic Signature
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.