PT-2023-24216 · Rekor+1 · Rekor+1
Bobcallaway
·
Published
2023-05-26
·
Updated
2024-08-20
·
CVE-2023-33199
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
Name of the Vulnerable Software and Affected Versions
Rekor versions prior to 1.2.0
Description
A malformed proposed entry of the
intoto/v0.0.2 type can cause a panic on a thread within the Rekor process. The thread is recovered, resulting in a 500 error message to the client, with minimal availability impact.Recommendations
For versions prior to 1.2.0, upgrade to version 1.2.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the
intoto/v0.0.2 type proposed entries until a patch is applied.Exploit
Fix
Assertion Failure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Rekor
Suse