Lucene search
Veracode Vulnerability DatabaseVERACODE:37035HistorySep 15, 2022 - 5:15 a.m.
Authorization Bypass
2022-09-1505:15:20
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
14
0.0004 Low
EPSS
Percentile
12.8%
github.com/sigstore/cosign is vulnerable to authorization bypasses. A local authenticated attacker is able to use a malicious cosign bundle to successfully verify a blob even if the embedded rekorBundle does not reference the given signature, resulting in immediate validation of invalid transparency log entries.
Related
nessus
nessus
SUSE SLED15 / SLES15 Security Update : cosign (SUSE-SU-2022:3486-1)
2022-10-02 00:00:00
alpinelinux
alpinelinux
CVE-2022-36056
2022-09-14 20:15:09
nvd
nvd
CVE-2022-36056
2022-09-14 20:15:09
openvas
openvas
openSUSE: Security Advisory for cosign (SUSE-SU-2022:3486-1)
2022-10-02 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:3486-1)
2022-10-03 00:00:00
osv
osv
Improper blob verification in github.com/sigstore/cosign
2023-11-09 19:35:28
CVE-2022-36056
2022-09-14 20:15:09
redhatcve
redhatcve
CVE-2022-36056
2022-09-21 15:49:22
cve
cve
CVE-2022-36056
2022-09-14 20:15:09
prion
prion
Design/Logic Flaw
2022-09-14 20:15:00
suse
suse
Security update for cosign (important)
2022-10-01 00:00:00
github
github
cvelist
cvelist
CVE-2022-36056 Vulnerabilities with blob verification in sigstore cosign
2022-09-14 19:50:09
redhat
redhat
(RHSA-2022:8827) Low: RHACS 3.73 enhancement and security update
2022-12-06 13:04:45