VYPR

rpm package

opensuse/cosign&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/cosign&distro=openSUSE%20Tumbleweed

Vulnerabilities (24)

  • CVE-2023-46737 (Nov 7, 2023)
    affected < 2.2.1-1.1; fixed 2.2.1-1.1

    Cosign is a sigstore signing tool for OCI containers. Cosign is susceptible to a denial of service by an attacker controlled registry. An attacker who controls a remote registry can return a high number of attestations and/or signatures to Cosign and cause Cosign to enter a long

  • CVE-2022-36056 (Sep 14, 2022)
    affected < 1.12.0-1.1; fixed 1.12.0-1.1

    Cosign is a project under the sigstore organization which aims to make signatures invisible infrastructure. In versions prior to 1.12.0 a number of vulnerabilities have been found in cosign verify-blob, where Cosign would successfully verify an artifact when verification should h

  • CVE-2022-35929 (Aug 4, 2022)
    affected < 1.10.1-1.1; fixed 1.10.1-1.1

    cosign is a container signing and verification utility. In versions prior to 1.10.1 cosign can report a false positive if any attestation exists. `cosign verify-attestation` used with the `--type` flag will report a false positive verification when there is at least one attestati

  • CVE-2022-23649 (Feb 18, 2022)
    affected < 1.5.2-1.1; fixed 1.5.2-1.1

    Cosign provides container signing, verification, and storage in an OCI registry for the sigstore project. Prior to version 1.5.2, Cosign can be manipulated to claim that an entry for a signature exists in the Rekor transparency log even if it doesn't. This requires the attacker t

Page 2 of 2