Lucene search
Veracode Vulnerability DatabaseVERACODE:36615HistoryAug 05, 2022 - 7:34 p.m.
Supply Chain Attack
2022-08-0519:34:28
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
policy-controller
vulnerability
false positives
unsigned images
0.002 Low
EPSS
Percentile
55.9%
Policy-controller is vulnerable to supply chain attack. Due to a flaw in the function ValidatePolicyAttestationsForAuthority, images will be reported as false positives resulting in admission in specific conditions. An attacker can use this vulnerability to run unsigned images.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/sigstore/policy-controller | le | v0.2.0 | |
| github.com/sigstore/policy-controller | le | v0.2.0 |
Related
cve
cve
CVE-2022-35930
2022-08-04 22:15:08
nvd
nvd
CVE-2022-35930
2022-08-04 22:15:08
cvelist
cvelist
github
github
PolicyController before 0.2.1 may bypass attestation verification
2022-08-10 18:38:16
osv
osv
PolicyController before 0.2.1 may bypass attestation verification
2022-08-10 18:38:16
CVE-2022-35930
2022-08-04 22:15:08
prion
prion
Design/Logic Flaw
2022-08-04 22:15:00