6 matches found
CVE-2022-35930
PolicyController is a utility used to enforce supply chain policy in Kubernetes clusters. In versions prior to 0.2.1 PolicyController will report a false positive, resulting in an admission when it should not be admitted when there is at least one attestation with a valid signature and there are ...
CVE-2022-35930
PolicyController is a utility used to enforce supply chain policy in Kubernetes clusters. In versions prior to 0.2.1 PolicyController will report a false positive, resulting in an admission when it should not be admitted when there is at least one attestation with a valid signature and there are ...
CVE-2022-35930 Ability to bypass attestation verification in sigstore PolicyController
PolicyController is a utility used to enforce supply chain policy in Kubernetes clusters. In versions prior to 0.2.1 PolicyController will report a false positive, resulting in an admission when it should not be admitted when there is at least one attestation with a valid signature and there are ...
CVE-2022-35930 Ability to bypass attestation verification in sigstore PolicyController
PolicyController is a utility used to enforce supply chain policy in Kubernetes clusters. In versions prior to 0.2.1 PolicyController will report a false positive, resulting in an admission when it should not be admitted when there is at least one attestation with a valid signature and there are ...
CVE-2022-35930
CVE-2022-35930 affects PolicyController (Sigstore) before version 0.2.1, which may report false positives in attestation verification and admit unsigned images when there is a valid attestation but no matching type. The issue is a logic/validation flaw in PolicyController used to enforce Kubernet...
CVE-2022-35930 Ability to bypass attestation verification in sigstore PolicyController
PolicyController is a utility used to enforce supply chain policy in Kubernetes clusters. In versions prior to 0.2.1 PolicyController will report a false positive, resulting in an admission when it should not be admitted when there is at least one attestation with a valid signature and there are ...