rpm package
opensuse/python-sigstore&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/python-sigstore&distro=openSUSE%20Tumbleweed
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-24408 | — | < 4.2.0-1.1 | 4.2.0-1.1 | Jan 26, 2026 | sigstore-python is a Python tool for generating and verifying Sigstore signatures. Prior to version 4.2.0, the sigstore-python OAuth authentication flow is susceptible to Cross-Site Request Forgery. `_OAuthSession` creates a unique "state" and sends it as a parameter in the authe |
- CVE-2026-24408Jan 26, 2026affected < 4.2.0-1.1fixed 4.2.0-1.1
sigstore-python is a Python tool for generating and verifying Sigstore signatures. Prior to version 4.2.0, the sigstore-python OAuth authentication flow is susceptible to Cross-Site Request Forgery. `_OAuthSession` creates a unique "state" and sends it as a parameter in the authe