6.5
CVE-2023-33958
- EPSS 0.09%
- Veröffentlicht 06.06.2023 19:15:12
- Zuletzt bearbeitet 21.11.2024 08:06:17
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
Loginnotation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the machine, if a user runs notation verify command on the same machine. The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade their notation packages to v1.0.0-rc.6 or above. Users unable to upgrade may restrict container registries to a set of secure and trusted container registries.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Notaryproject ≫ Notation-go Version < 1.0.0
Notaryproject ≫ Notation-go Version1.0.0 Updaterc1
Notaryproject ≫ Notation-go Version1.0.0 Updaterc2
Notaryproject ≫ Notation-go Version1.0.0 Updaterc3
Notaryproject ≫ Notation-go Version1.0.0 Updaterc4
Notaryproject ≫ Notation-go Version1.0.0 Updaterc5
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.09% | 0.246 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
|
| security-advisories@github.com | 5.4 | 2.8 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
|
CWE-400 Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.