Lucene search
GoogleOSV:GO-2023-2332HistoryAug 21, 2024 - 2:30 p.m.
Gitsign's Rekor public keys fetched from upstream API instead of local TUF client. in github.com/sigstore/gitsign
2024-08-2114:30:22
Google
osv.dev
2
gitsign
rekor
public keys
upstream api
github
sigstore
software
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
AI Score
7
Confidence
Low
Gitsign’s Rekor public keys fetched from upstream API instead of local TUF client. in github.com/sigstore/gitsign
Related
osv
osv
CVE-2023-47122
2023-11-10 22:15:14
github
github
nvd
nvd
CVE-2023-47122
2023-11-10 22:15:14
veracode
veracode
Improper Verification Of Cryptographic Signature
2023-11-13 07:25:51
cve
cve
CVE-2023-47122
2023-11-10 22:15:14
prion
prion
Design/Logic Flaw
2023-11-10 22:15:00
vulnrichment
vulnrichment
cvelist
cvelist
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
AI Score
7
Confidence
Low
Related for OSV:GO-2023-2332