BIT-KYVERNO-2023-47630 Attacker can cause Kyverno user to unintentionally consume insecure image

Kyverno is a policy engine designed for Kubernetes. An issue was found in Kyverno that allowed an attacker to control the digest of images used by Kyverno users. The issue would require the attacker to compromise the registry that the Kyverno users fetch their images from. The attacker could then...

CVE-2023-33957

notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the machine, if a user runs notation inspect command on the same machine. The...

GO-2024-2472 Go package github.com/notaryproject/notation configured with permissive trust policies potentially susceptible to rollback attack from compromised registry

Go package github.com/notaryproject/notation configured with permissive trust policies potentially susceptible to rollback attack from compromised registry...

GHSA-88JX-383Q-W4QC Cosign malicious attachments can cause system-wide denial of service

Summary A remote image with a malicious attachment can cause denial of service of the host machine running Cosign. This can impact other services on the machine that rely on having memory available such as a Redis database which can result in data loss. It can also impact the availability of othe...

CVE-2024-29902

Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, a remote image with a malicious attachment can cause denial of service of the host machine running Cosign. This can impact other services on the machine that rely on having memory available such as ...

CVE-2024-29902

Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, a remote image with a malicious attachment can cause denial of service of the host machine running Cosign. This can impact other services on the machine that rely on having memory available such as ...

CVE-2024-29902 Cosign vulnerable to system-wide denial of service via malicious attachments

Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, a remote image with a malicious attachment can cause denial of service of the host machine running Cosign. This can impact other services on the machine that rely on having memory available such as ...

Go package github.com/notaryproject/notation configured with permissive trust policies potentially susceptible to rollback attack from compromised registry

Impact An external actor with control of a compromised container registry can provide outdated versions of OCI artifacts, such as Images. This could lead artifact consumers with relaxed trust policies such as permissive instead of strict to potentially use artifacts with signatures that are no...

GHSA-57WX-M636-G3G8 Go package github.com/notaryproject/notation configured with permissive trust policies potentially susceptible to rollback attack from compromised registry

Impact An external actor with control of a compromised container registry can provide outdated versions of OCI artifacts, such as Images. This could lead artifact consumers with relaxed trust policies such as permissive instead of strict to potentially use artifacts with signatures that are no...

SUSE CVE-2023-47630

Kyverno is a policy engine designed for Kubernetes. An issue was found in Kyverno that allowed an attacker to control the digest of images used by Kyverno users. The issue would require the attacker to compromise the registry that the Kyverno users fetch their images from. The attacker could then...

PT-2023-30524 · Kyverno · Kyverno

Name of the Vulnerable Software and Affected Versions: Kyverno versions prior to 1.10.5 Kyverno versions prior to 1.11 Description: An issue was found in Kyverno that allowed an attacker to control the digest of images used by Kyverno users. The issue would require the attacker to compromise the...

CVE-2023-46737

A flaw was found in the cosign package. A attacker with control of a compromised registry or with privileges to make requests to the cluster can create a specific request that will trigger an infinite loop condition, resulting in a denial of service. Mitigation Mitigation for this issue is either...

CVE-2023-33957

notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the machine, if a user runs notation inspect command on the same machine. The...

CVE-2023-33958

notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the machine, if a user runs notation verify command on the same machine. The...

CVE-2023-33958

CVE-2023-33958 affects the notation CLI tool for signing/verifying OCI artifacts. The issue is a default maxSignatureAttempts setting in notation verify that can be abused by an attacker who controls a registry to serve an unlimited number of signatures for an artifact, causing denial of service ...

CVE-2023-33957 Denial of service from high number of artifact signatures in notation

notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the machine, if a user runs notation inspect command on the same machine. The...

PT-2023-24597 · Notation · Notation

Name of the Vulnerable Software and Affected Versions: notation versions prior to v1.0.0-rc.6 Description: The issue allows an attacker who has compromised a registry and added a high number of signatures to an artifact to cause denial of service of services on the machine, if a user runs the...