6 matches found

RedhatCVE
added 2025/05/23 4:10 a.m., 5 views

CVE-2023-32076

in-toto is a framework to protect supply chain integrity. The in-toto configuration is read from various directories and allows users to configure the behavior of the framework. The files are from directories following the XDG base directory specification. In versions 1.4.0 and prior, among the...

5.5 CVSS, 7.1 AI score, 0.00241 EPSS
Exploits 0, References 1

Veracode
added 2023/05/17 2:47 a.m., 18 views

External Control Of Configuration

in-toto is vulnerable to External Control of Configuration. The vulnerability exists due to the insecure implementation of the usersettings module, which allows an attacker to write configuration from the local directory and mask their activities by passing a maliciously crafted .intotorc file,...

5.5 CVSS, 6.5 AI score, 0.00241 EPSS
Exploits 0, References 4, Affected Software 2

SUSE CVE
added 2023/05/12 2:19 a.m., 4 views

SUSE CVE-2023-32076

in-toto is a framework to protect supply chain integrity. The in-toto configuration is read from various directories and allows users to configure the behavior of the framework. The files are from directories following the XDG base directory specification. In versions 1.4.0 and prior, among the...

5.5 CVSS, 7.2 AI score, 0.00241 EPSS
Exploits 0, References 3

UbuntuCve
added 2023/05/10 6:15 p.m., 23 views

CVE-2023-32076

in-toto is a framework to protect supply chain integrity. The in-toto configuration is read from various directories and allows users to configure the behavior of the framework. The files are from directories following the XDG base directory specification. In versions 1.4.0 and prior, among the...

5.5 CVSS, 6 AI score, 0.00241 EPSS
Exploits 0, References 5

OSV
added 2023/05/10 6:15 p.m., 10 views

PYSEC-2023-63

in-toto is a framework to protect supply chain integrity. The in-toto configuration is read from various directories and allows users to configure the behavior of the framework. The files are from directories following the XDG base directory specification. In versions 1.4.0 and prior, among the...

5.5 CVSS, 7.4 AI score, 0.00241 EPSS
Exploits 0, References 4

OSV
added 2023/05/10 5:58 p.m., 23 views

CVE-2023-32076 in-toto vulnerable to Configuration Read From Local Directory

in-toto is a framework to protect supply chain integrity. The in-toto configuration is read from various directories and allows users to configure the behavior of the framework. The files are from directories following the XDG base directory specification. In versions 1.4.0 and prior, among the...

5.5 CVSS, 5.8 AI score, 0.00241 EPSS
Exploits 0, References 6