
5 matches found

RedhatCVE
added 2025/05/23 8:11 a.m. · 3 views

CVE-2024-54140

sigstore-java is a sigstore java client for interacting with sigstore infrastructure. sigstore-java has insufficient verification for a situation where a bundle provides an invalid signature for a checkpoint. This bug impacts clients using any variation of KeylessVerifier.verify. Currently...

CVSS 2.1 · AI score 6.3 · EPSS 0.00178
Exploits: 0 · References: 1

Vulnrichment
added 2024/12/05 10:8 p.m. · 11 views

CVE-2024-54140 sigstore-java has a vulnerability with bundle verification

sigstore-java is a sigstore java client for interacting with sigstore infrastructure. sigstore-java has insufficient verification for a situation where a bundle provides an invalid signature for a checkpoint. This bug impacts clients using any variation of KeylessVerifier.verify. Currently...

CVSS 2.1 · AI score 7 · EPSS 0.00178
Exploits: 0 · References: 3

Positive Technologies
added 2024/12/05 12:0 a.m. · 2 views

PT-2024-36069 · Unknown · Sigstore-Java

Name of the Vulnerable Software and Affected Versions: sigstore-java versions prior to 1.2.0
Description: The issue is related to insufficient verification for a situation where a bundle provides an invalid signature for a checkpoint. This affects clients using any variation of...

CVSS 2.1 · AI score 7 · EPSS 0.00178
Exploits: 0 · References: 10

OSV
added 2024/11/26 6:41 p.m. · 1 views

CVE-2024-53267 Vulnerability with bundle verification in sigstore-java

sigstore-java is a sigstore java client for interacting with sigstore infrastructure. sigstore-java has insufficient verification for a situation where a validly-signed but "mismatched" bundle is presented as proof of inclusion into a transparency log. This bug impacts clients using any variation...

CVSS 5.5 · AI score 6.8 · EPSS 0.00021
Exploits: 0 · References: 5

Positive Technologies
added 2024/11/26 12:0 a.m. · 1 views

PT-2024-35702 · Unknown · Sigstore-Java

Name of the Vulnerable Software and Affected Versions: sigstore-java versions prior to v1.1.0
Description: The issue is related to insufficient verification in sigstore-java for a situation where a validly-signed but "mismatched" bundle is presented as proof of inclusion into a transparency log...

CVSS 5.5 · AI score 7.1 · EPSS 0.00021
Exploits: 0 · References: 7