VYPR

Sigstore Timestamp Authority

by Linux Foundation

Source repositories

CVEs (1)

  • CVE-2026-39984MedApr 15, 2026
    risk 0.29cvss 5.5epss 0.00

    Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Versions 2.0.5 and below contain an authorization bypass vulnerability in the VerifyTimestampResponse function. VerifyTimestampResponse correctly verifies the certificate chain signature, but the…