Lucene search
Redhat.comRH:CVE-2022-36056HistorySep 21, 2022 - 3:49 p.m.
CVE-2022-36056
2022-09-2115:49:22
redhat.com
access.redhat.com
28
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
0.0004 Low
EPSS
Percentile
12.8%
A vulnerability was found in cosign, where it incorrectly verified an artifact when the embedded rekorBundle does not reference the given signature. This flaw allows an attacker to exploit integrity and confidentiality.
Related
veracode
veracode
Authorization Bypass
2022-09-15 05:15:20
nessus
nessus
SUSE SLED15 / SLES15 Security Update : cosign (SUSE-SU-2022:3486-1)
2022-10-02 00:00:00
alpinelinux
alpinelinux
CVE-2022-36056
2022-09-14 20:15:09
nvd
nvd
CVE-2022-36056
2022-09-14 20:15:09
openvas
openvas
openSUSE: Security Advisory for cosign (SUSE-SU-2022:3486-1)
2022-10-02 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:3486-1)
2022-10-03 00:00:00
osv
osv
Improper blob verification in github.com/sigstore/cosign
2023-11-09 19:35:28
CVE-2022-36056
2022-09-14 20:15:09
cve
cve
CVE-2022-36056
2022-09-14 20:15:09
prion
prion
Design/Logic Flaw
2022-09-14 20:15:00
suse
suse
Security update for cosign (important)
2022-10-01 00:00:00
github
github
cvelist
cvelist
CVE-2022-36056 Vulnerabilities with blob verification in sigstore cosign
2022-09-14 19:50:09
redhat
redhat
(RHSA-2022:8827) Low: RHACS 3.73 enhancement and security update
2022-12-06 13:04:45
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
0.0004 Low
EPSS
Percentile
12.8%
Related for RH:CVE-2022-36056