VYPR
Unrated severityNVD Advisory· Published Apr 25, 2007· Updated Jun 16, 2026

CVE-2007-2233

CVE-2007-2233

Description

cosign-bin/cosign.cgi in Cosign 2.0.2 and earlier allows remote authenticated users to perform unauthorized actions as an arbitrary user by using CR (\r) sequences in the service parameter to inject LOGIN and REGISTER commands with the desired username.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

16
  • Sigstore/Cosign13 versions
    cpe:2.3:a:cosign:cosign:0.7.0:*:*:*:*:*:*:*+ 12 more
    • cpe:2.3:a:cosign:cosign:0.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:cosign:cosign:0.8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:cosign:cosign:0.9.0:*:*:*:*:*:*:*
    • cpe:2.3:a:cosign:cosign:1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:cosign:cosign:1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:cosign:cosign:1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:cosign:cosign:1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:cosign:cosign:1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:cosign:cosign:1.8:*:*:*:*:*:*:*
    • cpe:2.3:a:cosign:cosign:1.8.5:*:*:*:*:*:*:*
    • cpe:2.3:a:cosign:cosign:1.9:*:*:*:*:*:*:*
    • cpe:2.3:a:cosign:cosign:2.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:cosign:cosign:2.0.2:*:*:*:*:*:*:*
  • Range: <=2.0.2
  • osv-coords2 versions
    < 0+ 1 more
    • (no CPE)range: < 0
    • (no CPE)range: < 0

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.