Cosign considered signatures valid with expired intermediate certificates when transparency log verification is skipped

Summary When verifying artifact signatures using a certificate, Cosign first verifies the certificate chain using the leaf certificate's "not before" timestamp and later checks expiry of the leaf certificate using either a signed timestamp provided by the Rekor transparency log or from a timestam...

Improper Certificate Validation

wlc is vulnerable to improper certificate validation. The vulnerability is due to skipped SSL verification for specially crafted URLs, which allows an attacker to perform man-in-the-middle attacks and intercept or manipulate communications...