Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 8:39 a.m.7 views

CVE-2022-35930

PolicyController is a utility used to enforce supply chain policy in Kubernetes clusters. In versions prior to 0.2.1 PolicyController will report a false positive, resulting in an admission when it should not be admitted when there is at least one attestation with a valid signature and there are ...

8.8CVSS6.6AI score0.00523EPSS
Exploits0References1
NVD
NVD
added 2022/08/04 10:15 p.m.17 views

CVE-2022-35930

PolicyController is a utility used to enforce supply chain policy in Kubernetes clusters. In versions prior to 0.2.1 PolicyController will report a false positive, resulting in an admission when it should not be admitted when there is at least one attestation with a valid signature and there are ...

8.8CVSS0.00523EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/08/04 9:15 p.m.19 views

CVE-2022-35930 Ability to bypass attestation verification in sigstore PolicyController

PolicyController is a utility used to enforce supply chain policy in Kubernetes clusters. In versions prior to 0.2.1 PolicyController will report a false positive, resulting in an admission when it should not be admitted when there is at least one attestation with a valid signature and there are ...

7.1CVSS8.8AI score0.00523EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2022/08/04 9:15 p.m.8 views

CVE-2022-35930 Ability to bypass attestation verification in sigstore PolicyController

PolicyController is a utility used to enforce supply chain policy in Kubernetes clusters. In versions prior to 0.2.1 PolicyController will report a false positive, resulting in an admission when it should not be admitted when there is at least one attestation with a valid signature and there are ...

7.1CVSS8.6AI score0.00523EPSS
Exploits0References3
CVE
CVE
added 2022/08/04 9:15 p.m.72 views

CVE-2022-35930

CVE-2022-35930 affects PolicyController (Sigstore) before version 0.2.1, which may report false positives in attestation verification and admit unsigned images when there is a valid attestation but no matching type. The issue is a logic/validation flaw in PolicyController used to enforce Kubernet...

8.8CVSS7.7AI score0.00523EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/08/04 9:15 p.m.18 views

CVE-2022-35930 Ability to bypass attestation verification in sigstore PolicyController

PolicyController is a utility used to enforce supply chain policy in Kubernetes clusters. In versions prior to 0.2.1 PolicyController will report a false positive, resulting in an admission when it should not be admitted when there is at least one attestation with a valid signature and there are ...

7.1CVSS8.4AI score0.00523EPSS
Exploits0References5
Rows per page
Query Builder