Gitsign's Rekor public keys fetched from upstream API instead of local TUF client.

🗓️ 14 Nov 2023 20:23:31Reported by GoogleType

osv🔗 osv.dev👁 18 Views

Gitsign Rekor public keys fetched from Rekor API instead of TUF clien

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 10
OSV	CVE-2023-47122	10 Nov 202322:15	–	osv
OSV	GO-2023-2332 Gitsign's Rekor public keys fetched from upstream API instead of local TUF client. in github.com/sigstore/gitsign	21 Aug 202414:30	–	osv
NVD	CVE-2023-47122	10 Nov 202322:15	–	nvd
Github Security Blog	Gitsign's Rekor public keys fetched from upstream API instead of local TUF client.	14 Nov 202320:31	–	github
Prion	Design/Logic Flaw	10 Nov 202322:15	–	prion
Vulnrichment	CVE-2023-47122 Gitsign's Rekor public keys fetched from upstream API instead of local TUF client.	10 Nov 202321:33	–	vulnrichment
Debian CVE	CVE-2023-47122	10 Nov 202322:15	–	debiancve
Cvelist	CVE-2023-47122 Gitsign's Rekor public keys fetched from upstream API instead of local TUF client.	10 Nov 202321:33	–	cvelist
CVE	CVE-2023-47122	10 Nov 202322:15	–	cve
Veracode	Improper Verification Of Cryptographic Signature	13 Nov 202307:25	–	veracode

Source	Link
github	www.github.com/sigstore/gitsign/security/advisories/GHSA-xvrc-2wvh-49vc
nvd	www.nvd.nist.gov/vuln/detail/CVE-2023-47122
github	www.github.com/sigstore/gitsign/pull/399
github	www.github.com/sigstore/gitsign/commit/cd66ccb03c86a3600955f0c15f6bfeb75f697236
docs	www.docs.sigstore.dev/about/threat-model/
github	www.github.com/sigstore/gitsign

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

14 Nov 2023 20:31Current

6.8Medium risk

Vulners AI Score6.8

CVSS34.2 - 5.3

EPSS0.00091

SSVC