VYPR
← All advisories
Unrated severityNVD Advisory· Published Apr 25, 2007· Updated Apr 23, 2026

CVE-2007-2233

CVE-2007-2233

Description

cosign-bin/cosign.cgi in Cosign 2.0.2 and earlier allows remote authenticated users to perform unauthorized actions as an arbitrary user by using CR (\r) sequences in the service parameter to inject LOGIN and REGISTER commands with the desired username.

Affected products

15
  • Sigstore/Cosign13 versions
    cpe:2.3:a:cosign:cosign:0.7.0:*:*:*:*:*:*:*+ 12 more
    • cpe:2.3:a:cosign:cosign:0.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:cosign:cosign:0.8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:cosign:cosign:0.9.0:*:*:*:*:*:*:*
    • cpe:2.3:a:cosign:cosign:1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:cosign:cosign:1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:cosign:cosign:1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:cosign:cosign:1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:cosign:cosign:1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:cosign:cosign:1.8:*:*:*:*:*:*:*
    • cpe:2.3:a:cosign:cosign:1.8.5:*:*:*:*:*:*:*
    • cpe:2.3:a:cosign:cosign:1.9:*:*:*:*:*:*:*
    • cpe:2.3:a:cosign:cosign:2.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:cosign:cosign:2.0.2:*:*:*:*:*:*:*
  • osv-coords2 versions
    pkg:apk/chainguard/cosignpkg:apk/wolfi/cosign
    < 0+ 1 more
    • (no CPE)range: < 0
    • (no CPE)range: < 0

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.