rpm package
opensuse/cosign&distro=openSUSE Leap 15.4
pkg:rpm/opensuse/cosign&distro=openSUSE%20Leap%2015.4
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-46737 | — | | | < 2.2.1-150400.3.14.1 | 2.2.1-150400.3.14.1 | Nov 7, 2023 | Cosign is a sigstore signing tool for OCI containers. Cosign is susceptible to a denial of service by an attacker controlled registry. An attacker who controls a remote registry can return a high number of attestations and/or signatures to Cosign and cause Cosign to enter a long |
| CVE-2022-36056 | — | | | < 1.12.0-150400.3.6.1 | 1.12.0-150400.3.6.1 | Sep 14, 2022 | Cosign is a project under the sigstore organization which aims to make signatures invisible infrastructure. In versions prior to 1.12.0 a number of vulnerabilities have been found in cosign verify-blob, where Cosign would successfully verify an artifact when verification should h |
| CVE-2022-35929 | — | | | < 1.10.1-150400.3.3.1 | 1.10.1-150400.3.3.1 | Aug 4, 2022 | cosign is a container signing and verification utility. In versions prior to 1.10.1 cosign can report a false positive if any attestation exists. `cosign verify-attestation` used with the `--type` flag will report a false positive verification when there is at least one attestati |