Lucene search
Redhat.comRH:CVE-2022-36056HistorySep 21, 2022 - 3:49 p.m.
CVE-2022-36056
2022-09-2115:49:22
redhat.com
access.redhat.com
28
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
0.0004 Low
EPSS
Percentile
12.9%
A vulnerability was found in cosign, where it incorrectly verified an artifact when the embedded rekorBundle does not reference the given signature. This flaw allows an attacker to exploit integrity and confidentiality.
Related
cve
cve
CVE-2022-36056
2022-09-14 20:15:09
veracode
veracode
Authorization Bypass
2022-09-15 05:15:20
alpinelinux
alpinelinux
CVE-2022-36056
2022-09-14 20:15:09
nessus
nessus
SUSE SLED15 / SLES15 Security Update : cosign (SUSE-SU-2022:3486-1)
2022-10-02 00:00:00
nvd
nvd
CVE-2022-36056
2022-09-14 20:15:09
osv
osv
Cosign bundle can be crafted to successfully verify a blob even if the embedded rekorBundle does not reference the given signature
2022-09-16 19:13:13
Improper blob verification in github.com/sigstore/cosign
2023-11-09 19:35:28
CVE-2022-36056
2022-09-14 20:15:09
openvas
openvas
openSUSE: Security Advisory for cosign (SUSE-SU-2022:3486-1)
2022-10-02 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:3486-1)
2022-10-03 00:00:00
prion
prion
Design/Logic Flaw
2022-09-14 20:15:00
cvelist
cvelist
CVE-2022-36056 Vulnerabilities with blob verification in sigstore cosign
2022-09-14 19:50:09
suse
suse
Security update for cosign (important)
2022-10-01 00:00:00
github
github
redhat
redhat
(RHSA-2022:8827) Low: RHACS 3.73 enhancement and security update
2022-12-06 13:04:45
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
0.0004 Low
EPSS
Percentile
12.9%
Related for RH:CVE-2022-36056