Lucene search
+L

5 matches found

redhatcve
redhatcve
added 2025/05/23 3:54 a.m.7 views

CVE-2023-33959

notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry can cause users to verify the wrong artifact. The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade their notation-go library to v1.0.0-rc.6 or above. Use...

8.8CVSS8.5AI score0.00354EPSS
Exploits0References1
cgr
cgr
added 2023/06/06 7:15 p.m.63 views

CVE-2023-33959 vulnerabilities

Vulnerabilities for packages: zot...

8.8CVSS7.3AI score0.00354EPSS
Exploits0
wolfi
wolfi
added 2023/06/06 7:15 p.m.18 views

CVE-2023-33959 vulnerabilities

Vulnerabilities for packages: zot...

8.8CVSS7.3AI score0.00354EPSS
Exploits0
cve
cve
added 2023/06/06 6:15 p.m.400 views

CVE-2023-33959

CVE-2023-33959 concerns notation (notaryproject/notation-go) used to sign/verify OCI artifacts. Affected: the notation tool and its verification flow when a registry is compromised can mislead users into verifying a wrong artifact. Root cause described in connected sources as a verification bypas...

8.8CVSS8.4AI score0.00354EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2023/06/06 6:15 p.m.42 views

CVE-2023-33959 Verification bypass can cause users into verifying the wrong artifact

notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry can cause users to verify the wrong artifact. The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade their notation-go library to v1.0.0-rc.6 or above. Use...

8.3CVSS8.7AI score0.00354EPSS
Exploits0References1
Rows per page
Query Builder