Lucene search

PRIOn knowledge basePRION:CVE-2023-33959

HistoryJun 06, 2023 - 7:15 p.m.

Code injection

2023-06-0619:15:00

PRIOn knowledge base

www.prio-n.com

code injection

notation cli

oci artifacts

container images

registry compromise

vulnerability fix

upgrade

notation-go library

container registries

8.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.2%

JSON

notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry can cause users to verify the wrong artifact. The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade their notation-go library to v1.0.0-rc.6 or above. Users unable to upgrade may restrict container registries to a set of secure and trusted container registries.

CPENameOperatorVersion
notationeq1.0.0 rc2
notationeq1.0.0 rc3
notationeq1.0.0 rc4
notationeq1.0.0 rc5
notationlt1.0.0
notationeq1.0.0 rc1

Name	Operator	Version
notation	eq	1.0.0 rc2
notation	eq	1.0.0 rc3
notation	eq	1.0.0 rc4
notation	eq	1.0.0 rc5
notation	lt	1.0.0
notation	eq	1.0.0 rc1

References

github.com/notaryproject/notation-go/security/advisories/GHSA-xhg5-42rf-296r