Web: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36056

Sept. 14, 2022, 8:15 p.m.

National Vulnerability Database nist.gov

Cosign is a project under the sigstore organization which aims to make signatures invisible infrastructure. In versions prior to 1.12.0, a number of vulnerabilities have been found in `cosign verify-blob`, where Cosign would successfully verify an artifact when verification should have failed. First, a cosign bundle can be crafted to successfully verify a blob even if the embedded rekorBundle does not reference the given signature. Second, when providing identity flags, the email and issuer of a certificate are not checked …
