Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
SigstoreCosign

3 matches found

CVE
CVEadded 2022/02/18 10:15 p.m.130 views

CVE-2022-23649

Cosign provides container signing, verification, and storage in an OCI registry for the sigstore project. Prior to version 1.5.2, Cosign can be manipulated to claim that an entry for a signature exists in the Rekor transparency log even if it doesn't. This requires the attacker to have pull and pus...

3.3CVSS3.4AI score0.00053EPSS
CVE
CVEadded 2022/08/04 7:15 p.m.115 views

CVE-2022-35929

cosign is a container signing and verification utility. In versions prior to 1.10.1 cosign can report a false positive if any attestation exists. cosign verify-attestation used with the --type flag will report a false positive verification when there is at least one attestation with a valid signatu...

9.8CVSS8AI score0.00072EPSS
CVE
CVEadded 2022/09/14 8:15 p.m.82 views

CVE-2022-36056

Cosign is a project under the sigstore organization which aims to make signatures invisible infrastructure. In versions prior to 1.12.0 a number of vulnerabilities have been found in cosign verify-blob, where Cosign would successfully verify an artifact when verification should have failed. First a...

5.5CVSS6.2AI score0.0001EPSS