12 matches found
CVE-2022-35930
PolicyController is a utility used to enforce supply chain policy in Kubernetes clusters. In versions prior to 0.2.1 PolicyController will report a false positive, resulting in an admission when it should not be admitted when there is at least one attestation with a valid signature and there are ...
EUVD-2022-6496
Malicious code in bioql PyPI...
GO-2022-0759 PolicyController before 0.2.1 may bypass attestation verification in github.com/sigstore/policy-controller
PolicyController before 0.2.1 may bypass attestation verification in github.com/sigstore/policy-controller...
PolicyController before 0.2.1 may bypass attestation verification
PolicyController will report a false positive, resulting in an admission when it should not be admitted when: There is at least one attestation with a valid signature There are NO attestations of the type being verified --type defaults to "custom" Users should upgrade to cosign version 0.2.1 or...
GHSA-739F-HW6H-7WQ8 PolicyController before 0.2.1 may bypass attestation verification
PolicyController will report a false positive, resulting in an admission when it should not be admitted when: There is at least one attestation with a valid signature There are NO attestations of the type being verified --type defaults to "custom" Users should upgrade to cosign version 0.2.1 or...
CVE-2022-35930
PolicyController is a utility used to enforce supply chain policy in Kubernetes clusters. In versions prior to 0.2.1 PolicyController will report a false positive, resulting in an admission when it should not be admitted when there is at least one attestation with a valid signature and there are ...
Design/Logic Flaw
PolicyController is a utility used to enforce supply chain policy in Kubernetes clusters. In versions prior to 0.2.1 PolicyController will report a false positive, resulting in an admission when it should not be admitted when there is at least one attestation with a valid signature and there are ...
CVE-2022-35930
CVE-2022-35930 affects PolicyController (Sigstore) before version 0.2.1, which may report false positives in attestation verification and admit unsigned images when there is a valid attestation but no matching type. The issue is a logic/validation flaw in PolicyController used to enforce Kubernet...
CVE-2022-35930 Ability to bypass attestation verification in sigstore PolicyController
PolicyController is a utility used to enforce supply chain policy in Kubernetes clusters. In versions prior to 0.2.1 PolicyController will report a false positive, resulting in an admission when it should not be admitted when there is at least one attestation with a valid signature and there are ...
CVE-2022-35930 Ability to bypass attestation verification in sigstore PolicyController
PolicyController is a utility used to enforce supply chain policy in Kubernetes clusters. In versions prior to 0.2.1 PolicyController will report a false positive, resulting in an admission when it should not be admitted when there is at least one attestation with a valid signature and there are ...
CVE-2022-35930 Ability to bypass attestation verification in sigstore PolicyController
PolicyController is a utility used to enforce supply chain policy in Kubernetes clusters. In versions prior to 0.2.1 PolicyController will report a false positive, resulting in an admission when it should not be admitted when there is at least one attestation with a valid signature and there are ...
PT-2022-23036 · Unknown · Policycontroller
Name of the Vulnerable Software and Affected Versions: PolicyController versions prior to 0.2.1 Description: The issue arises when there is at least one attestation with a valid signature and no attestations of the type being verified, with --type defaulting to "custom". This results in a false...