2 matches found
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : cosign (SUSE-SU-2022:3486-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:3486-1 advisory. Updated to version 1.12.0 jscSLE-23879: - CVE-2022-36056: Fixed verify-blob could successfully verify an...
CVE-2022-36056
Cosign is a project under the sigstore organization which aims to make signatures invisible infrastructure. In versions prior to 1.12.0 a number of vulnerabilities have been found in cosign verify-blob, where Cosign would successfully verify an artifact when verification should have failed. First...