Lucene search
GoogleOSV:GO-2024-2472HistoryJun 28, 2024 - 3:28 p.m.
Go package github.com/notaryproject/notation configured with permissive trust policies potentially susceptible to rollback attack from compromised registry
2024-06-2815:28:53
Google
osv.dev
4
go
package
notaryproject/notation
permissive trust
rollback attack
compromised registry
CVSS3
6.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
AI Score
6.7
Confidence
Low
Go package github.com/notaryproject/notation configured with permissive trust policies potentially susceptible to rollback attack from compromised registry
Related
github
github
nvd
nvd
CVE-2024-23332
2024-01-19 23:15:07
veracode
veracode
Rollback Attack
2024-01-23 05:43:39
cvelist
cvelist
prion
prion
Design/Logic Flaw
2024-01-19 23:15:00
osv
osv
cve
cve
CVE-2024-23332
2024-01-19 23:15:07
CVSS3
6.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
AI Score
6.7
Confidence
Low
Related for OSV:GO-2024-2472