Lucene search
GoogleOSV:GO-2024-2472HistoryJun 28, 2024 - 3:28 p.m.
Go package github.com/notaryproject/notation configured with permissive trust policies potentially susceptible to rollback attack from compromised registry
2024-06-2815:28:53
Google
osv.dev
go
package
notaryproject/notation
permissive trust
rollback attack
compromised registry
6.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
6.7 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
19.4%
Go package github.com/notaryproject/notation configured with permissive trust policies potentially susceptible to rollback attack from compromised registry
Related
nvd
nvd
CVE-2024-23332
2024-01-19 23:15:07
veracode
veracode
Rollback Attack
2024-01-23 05:43:39
cvelist
cvelist
github
github
prion
prion
Design/Logic Flaw
2024-01-19 23:15:00
cve
cve
CVE-2024-23332
2024-01-19 23:15:07
6.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
6.7 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
19.4%
Related for OSV:GO-2024-2472