Version: latest

CVE-2023-0767

CVE Details

Visit the official vulnerability details page for CVE-2023-0767 to learn more.

Initial Publication

01/27/2025

Last Update

04/08/2025

Third Party Dependency

nss-libs

NIST CVE Summary

An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.

CVE Severity

8.8

Our Official Summary

This high vulnerability only affects clusters which have harbor registry installed. Attackers with access to cluster resources can exploit this vulnerability and do arbitrary memory writes using specially crafted PKCS cert bundles. Since in this case, affcted components are containers, explotation complexity is high. Container has controls in place to prevent arbitrary code execution. Impact of exploitation is also limited since container limits the attack surface.A upstream fix is available which should fix this vulnerability and will be used from the next release.

Status

Open

Affected Products & Versions

Version	Palette Enterprise	Palette Enterprise Airgap	VerteX	VerteX Airgap
4.6.18	⚠️ Impacted	✅ No Impact	⚠️ Impacted	✅ No Impact
4.5.22	⚠️ Impacted	✅ No Impact	⚠️ Impacted	✅ No Impact

Revision History

No revisions available.

CVE Details​

Initial Publication​

Last Update​

Third Party Dependency​

NIST CVE Summary​

CVE Severity​

Our Official Summary​

Status​

Affected Products & Versions​

Revision History​