CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence: High
EPSS
Percentile: 19.3%
github.com/notaryproject/notation is vulnerable to a rollback attack. When the container registry is compromised, the attacker can serve outdated artifact versions to consumers that have relaxed trust policies.
github.com/advisories/GHSA-57wx-m636-g3g8
github.com/notaryproject/specifications/commit/cdabdd1042de2999c685fa5d422a785ded9c983a
github.com/notaryproject/specifications/pull/285/commits/4f6c7fbc2a3e89ec23e688048fc178c7c63da3d6
github.com/notaryproject/specifications/security/advisories/GHSA-57wx-m636-g3g8