Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Verification bypass can cause users into verifying the wrong artifact
Vulnerability Description
notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry can cause users to verify the wrong artifact. The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade their notation-go library to v1.0.0-rc.6 or above. Users unable to upgrade may restrict container registries to a set of secure and trusted container registries.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Vulnerability Type
密码学签名的验证不恰当
Vulnerability Title
Notation 数据伪造问题漏洞
Vulnerability Description
Notation是Notary Project开源的一个用于支持符号符号、验证、推送和拉取 oci 工件的库集合。 Notation v1.0.0-rc.6之前版本存在数据伪造问题漏洞,攻击者利用该漏洞可以破坏注册表的并导致工件中的用户验证错误。
CVSS Information
N/A
Vulnerability Type
N/A