Lucene search
+L

8 matches found

redhatcve
redhatcve
added 2026/03/26 2:59 p.m.6 views

CVE-2026-31830

sigstore-ruby is a pure Ruby implementation of the sigstore verify command from the sigstore/cosign project. Prior to 0.2.3, Sigstore::Verifierverify does not propagate the VerificationFailure returned by verifyintoto when the artifact digest does not match the digest in the in-toto attestation...

7.5CVSS5.8AI score0.00217EPSS
Exploits0References1
euvd
euvd
added 2026/03/11 12:24 a.m.5 views

EUVD-2026-10933

sigstore-ruby verifier returns success for DSSE bundles with mismatched in-toto subject digest...

7.5CVSS5.8AI score0.00217EPSS
Exploits0References1
euvd
euvd
added 2026/03/11 12:24 a.m.5 views

EUVD-2026-10932

sigstore-ruby verifier returns success for DSSE bundles with mismatched in-toto subject digest...

7.5CVSS5.8AI score0.00217EPSS
Exploits0References1
nvd
nvd
added 2026/03/10 10:16 p.m.7 views

CVE-2026-31830

sigstore-ruby is a pure Ruby implementation of the sigstore verify command from the sigstore/cosign project. Prior to 0.2.3, Sigstore::Verifierverify does not propagate the VerificationFailure returned by verifyintoto when the artifact digest does not match the digest in the in-toto attestation...

7.5CVSS0.00217EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/03/10 9:46 p.m.4 views

CVE-2026-31830

sigstore-ruby is a pure Ruby implementation of the sigstore verify command from the sigstore/cosign project. Prior to 0.2.3, Sigstore::Verifierverify does not propagate the VerificationFailure returned by verifyintoto when the artifact digest does not match the digest in the in-toto attestation...

7.5CVSS5.8AI score0.00217EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2026/03/10 9:46 p.m.31 views

CVE-2026-31830 sigstore-ruby verifier returns success for DSSE bundles with mismatched in-toto subject digest

sigstore-ruby is a pure Ruby implementation of the sigstore verify command from the sigstore/cosign project. Prior to 0.2.3, Sigstore::Verifierverify does not propagate the VerificationFailure returned by verifyintoto when the artifact digest does not match the digest in the in-toto attestation...

7.5CVSS0.00217EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/03/10 9:46 p.m.2 views

CVE-2026-31830 sigstore-ruby verifier returns success for DSSE bundles with mismatched in-toto subject digest

sigstore-ruby is a pure Ruby implementation of the sigstore verify command from the sigstore/cosign project. Prior to 0.2.3, Sigstore::Verifierverify does not propagate the VerificationFailure returned by verifyintoto when the artifact digest does not match the digest in the in-toto attestation...

7.5CVSS5.8AI score0.00217EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/03/10 12:0 a.m.7 views

PT-2026-24484

Name of the Vulnerable Software and Affected Versions sigstore-ruby versions prior to 0.2.3 Description The software does not correctly handle verification failures when the artifact digest does not match the digest in the in-toto attestation subject. Specifically, the Sigstore::Verifierverify...

7.5CVSS5.8AI score0.00217EPSS
Exploits0References4
Rows per page
Query Builder