github.com/sigstore/cosign is vulnerable to an authorization bypass. A local authenticated attacker can use a malicious cosign bundle to successfully verify a blob even when the embedded rekorBundle does not reference the given signature, so invalid transparency log entries are accepted as valid without further checks.
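The defect described above is a missing binding check: the signature presented in the bundle must be the same signature that the embedded Rekor entry records, otherwise a log entry for some other artifact can be reused. The following Go program is an added illustration of that check and is not code from the cosign project. It models only the bundle fields needed for the check (`base64Signature`, `rekorBundle.Payload.body`, and the hashedrekord entry's `spec.signature.content`); the field names and the reduced structure are assumptions for this example, and the bundles it builds are constructed test data.

```go
package main

import (
	"bytes"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
)

// Bundle is a constructed, simplified shape of a cosign blob bundle
// (assumption: only the fields this check needs are modelled).
type Bundle struct {
	Base64Signature string      `json:"base64Signature"`
	RekorBundle     RekorBundle `json:"rekorBundle"`
}

// RekorBundle carries the transparency log entry; Payload.body is the
// base64-encoded entry JSON.
type RekorBundle struct {
	Payload struct {
		Body string `json:"body"`
	} `json:"Payload"`
}

// hashedRekordBody models the spec.signature.content field of a hashedrekord
// entry; the remaining fields are omitted (assumption).
type hashedRekordBody struct {
	Spec struct {
		Signature struct {
			Content string `json:"content"`
		} `json:"signature"`
	} `json:"spec"`
}

// ErrSignatureMismatch is returned when the log entry does not record the
// signature that the bundle asks the verifier to accept.
var ErrSignatureMismatch = errors.New("rekor entry does not reference the supplied signature")

// SignatureBoundToEntry decodes the log entry embedded in the bundle and
// requires the signature it records to be byte-for-byte the signature being
// verified. A verifier that skips this step has the flaw described in the text.
func SignatureBoundToEntry(bundleJSON []byte) error {
	var b Bundle
	if err := json.Unmarshal(bundleJSON, &b); err != nil {
		return fmt.Errorf("bad bundle: %w", err)
	}
	sig, err := base64.StdEncoding.DecodeString(b.Base64Signature)
	if err != nil {
		return fmt.Errorf("bad bundle signature: %w", err)
	}
	body, err := base64.StdEncoding.DecodeString(b.RekorBundle.Payload.Body)
	if err != nil {
		return fmt.Errorf("bad entry body: %w", err)
	}
	var entry hashedRekordBody
	if err := json.Unmarshal(body, &entry); err != nil {
		return fmt.Errorf("bad entry: %w", err)
	}
	entrySig, err := base64.StdEncoding.DecodeString(entry.Spec.Signature.Content)
	if err != nil {
		return fmt.Errorf("bad entry signature: %w", err)
	}
	// An empty entry signature must not match an empty bundle signature.
	if len(entrySig) == 0 || !bytes.Equal(sig, entrySig) {
		return ErrSignatureMismatch
	}
	return nil
}

// MakeBundle builds a constructed bundle whose log entry records entrySig
// while the bundle itself presents bundleSig (test data, not a real bundle).
func MakeBundle(bundleSig, entrySig []byte) []byte {
	var entry hashedRekordBody
	entry.Spec.Signature.Content = base64.StdEncoding.EncodeToString(entrySig)
	body, _ := json.Marshal(entry)
	var b Bundle
	b.Base64Signature = base64.StdEncoding.EncodeToString(bundleSig)
	b.RekorBundle.Payload.Body = base64.StdEncoding.EncodeToString(body)
	out, _ := json.Marshal(b)
	return out
}

func main() {
	consistent := MakeBundle([]byte("sig-A"), []byte("sig-A"))
	mismatched := MakeBundle([]byte("sig-B"), []byte("sig-A"))
	fmt.Println("consistent bundle:", SignatureBoundToEntry(consistent))
	fmt.Println("mismatched bundle:", SignatureBoundToEntry(mismatched))
}
```

The comparison is on the decoded signature bytes rather than on the base64 strings, so differences in padding or encoding cannot make two different signatures look equal or the same signature look different; decode failures are reported as errors rather than silently treated as a match.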