Vulnerabilities in sigstore
29 results

CVE-2022-23649 | LOW | Improper Certificate Validation in Cosign | EPSS 0.2%
CVE-2026-24408 | NONE | sigstore has CSRF possibility in OIDC authentication during signing | EPSS 0.2%
CVE-2022-36056 | MEDIUM | Vulnerabilities with blob verification in sigstore cosign | EPSS 0.1%
CVE-2026-44309 | MEDIUM | gitsign verify accepts signatures over go-git-normalized bytes, enabling trust confusion on malformed commits | EPSS 0.1%
CVE-2024-51746 | LOW | Use of incorrect Rekor entries during verification in gitsign | EPSS 0.1%
CVE-2026-44310 | MEDIUM | gitsign --verify panics on empty-certificate PKCS7 and exits 0, bypassing exit-code callers | EPSS 0.1%
CVE-2026-39984 | MEDIUM | Sigstore Timestamp Authority has Improper Certificate Validation in verifier | EPSS 0.1%
CVE-2024-53267 | MEDIUM | Vulnerability with bundle verification in sigstore-java | EPSS 0.1%
CVE-2026-22703 | MEDIUM | Cosign verification accepts any valid Rekor entry under certain conditions | EPSS 0.1%