CVSS 3.1 Score 5.3 of 10 (medium)


Published Nov 7, 2023
Updated: Nov 14, 2023
CWE ID 835
CWE ID 400


CVE-2023-46737 is a vulnerability affecting the Cosign signing tool for OCI containers. The vulnerability allows an attacker, who controls a remote registry, to cause a denial of service attack by returning a high number of attestations and signatures to Cosign. This triggers an endless loop in Cosign, preventing other users from verifying their data. The vulnerability can be remediated by securing the remote registry and limiting access privileges. The potential danger posed by this vulnerability is that it can disrupt an organization's container signing process, leading to potential security risks and operational disruptions.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-46737 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options