CVE-2024-23332

MEDIUM4.0EPSS 0.04%

Go package github.com/notaryproject/notation configured with permissive trust policies potentially susceptible to rollback attack from compromised registry

Published: 1/19/2024Modified: 3/3/2026

Description

Go package github.com/notaryproject/notation configured with permissive trust policies potentially susceptible to rollback attack from compromised registry

Affected packages (2)

Go/github.com/notaryproject/notationfrom 0, <= 1.0.0
Go/github.com/notaryproject/notationfrom 0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM4.0	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:L

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-23332
PATCHhttps://github.com/notaryproject/specifications
WEBhttps://github.com/notaryproject/specifications/commit/cdabdd1042de2999c685fa5d422a785ded9c983a
WEBhttps://github.com/notaryproject/specifications/security/advisories/GHSA-57wx-m636-g3g8