apk package
chainguard/spire-oidc-discovery-provider-fips
pkg:apk/chainguard/spire-oidc-discovery-provider-fips
Vulnerabilities (62)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-46737 | — | < 1.8.5-r0 | 1.8.5-r0 | Nov 7, 2023 | Cosign is a sigstore signing tool for OCI containers. Cosign is susceptible to a denial of service by an attacker controlled registry. An attacker who controls a remote registry can return a high number of attestations and/or signatures to Cosign and cause Cosign to enter a long | ||
| CVE-2020-8559 | — | < 1.12.0-r0 | 1.12.0-r0 | Jul 22, 2020 | The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise. |
- CVE-2023-46737Nov 7, 2023affected < 1.8.5-r0fixed 1.8.5-r0
Cosign is a sigstore signing tool for OCI containers. Cosign is susceptible to a denial of service by an attacker controlled registry. An attacker who controls a remote registry can return a high number of attestations and/or signatures to Cosign and cause Cosign to enter a long
- CVE-2020-8559Jul 22, 2020affected < 1.12.0-r0fixed 1.12.0-r0
The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise.
Page 4 of 4