CVE-2023-0767
CVE Details
Visit the official vulnerability details page for CVE-2023-0767 to learn more.
Initial Publication
01/27/2025
Last Update
04/08/2025
Third Party Dependency
nss-libs
NIST CVE Summary
An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
CVE Severity
Our Official Summary
This high-severity vulnerability only affects clusters that have the Harbor registry installed. Attackers with access to cluster resources can exploit this vulnerability to perform arbitrary memory writes using specially crafted PKCS cert bundles. Because the affected components in this case are containers, exploitation complexity is high. The container has controls in place to prevent arbitrary code execution. The impact of exploitation is also limited because the container limits the attack surface. An upstream fix is available that should fix this vulnerability and will be used from the next release.
Status
Open
Affected Products & Versions
| Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
|---|---|---|---|---|
| 4.6.18 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
| 4.5.22 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
Revision History
No revisions available.