sigstore-java Vulnerability (CVE-2024-53267) – Critical

2024-11-28

Platform: sigstore-java

Version: v1.0.0

Vulnerability: Improper verification of log entry in bundle verification (CVE-2024-53267)

Severity: Critical

Date: November 26, 2024

What Undercode Says:

This critical vulnerability in sigstore-java v1.0.0 lets an attacker present a bundle whose transparency log entry is not properly verified against the signing event it claims to record, so a bundle can pass verification without the signing event ever having been logged. This can be exploited to bypass security controls that rely on transparency logs as proof of signing. Upgrade to sigstore-java v1.1.0, or apply the workarounds from the upstream advisory, to mitigate the risk.
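The page does not give the fix's details, so the following added Python example (not sigstore-java's code) illustrates the class of check a bundle verifier needs: the transparency log entry carried in the bundle must describe the same signature, certificate and artifact digest as the bundle itself, otherwise a log entry from some other, genuinely logged signing could be attached to an unlogged signature. It assumes the sigstore bundle (`messageSignature`, `verificationMaterial.certificate.rawBytes`, `tlogEntries[].canonicalizedBody`) and Rekor `hashedrekord` field layouts, and uses constructed placeholder bytes; a real verifier also checks the inclusion proof and the log's signed entry timestamp.

```python
import base64
import json

def _pem_to_der(pem: str) -> bytes:
    """hashedrekord carries the certificate as PEM; the bundle carries DER."""
    return base64.b64decode("".join(l for l in pem.splitlines() if "-----" not in l))

def log_entry_matches_bundle(bundle: dict) -> bool:
    """Hypothetical consistency check: every tlog entry must describe the bundle's own
    signature, leaf certificate and artifact digest. A verifier that only validates the
    inclusion proof accepts an entry that was produced for a different signing event."""
    ms = bundle["messageSignature"]
    sig = base64.b64decode(ms["signature"])
    digest_hex = base64.b64decode(ms["messageDigest"]["digest"]).hex()
    vm = bundle["verificationMaterial"]
    cert_der = base64.b64decode(vm["certificate"]["rawBytes"])
    entries = vm.get("tlogEntries", [])
    if not entries:
        return False  # no entry at all: nothing shows the signing event was logged
    for entry in entries:
        body = json.loads(base64.b64decode(entry["canonicalizedBody"]))
        if body.get("kind") != "hashedrekord":
            return False  # this example handles the common entry kind only
        spec = body["spec"]
        if spec["data"]["hash"]["algorithm"] != "sha256":
            return False
        entry_sig = base64.b64decode(spec["signature"]["content"])
        entry_pem = base64.b64decode(spec["signature"]["publicKey"]["content"]).decode()
        if (entry_sig != sig or _pem_to_der(entry_pem) != cert_der
                or spec["data"]["hash"]["value"].lower() != digest_hex):
            return False
    return True

def build_bundle(sig, cert_der, digest, entry_sig, entry_cert_der, entry_digest):
    """Assemble a minimal bundle with one hashedrekord entry from constructed bytes."""
    def b64(b): return base64.b64encode(b).decode()
    pem = "-----BEGIN CERTIFICATE-----\n" + b64(entry_cert_der) + "\n-----END CERTIFICATE-----\n"
    body = {"apiVersion": "0.0.1", "kind": "hashedrekord", "spec": {
        "data": {"hash": {"algorithm": "sha256", "value": entry_digest.hex()}},
        "signature": {"content": b64(entry_sig), "publicKey": {"content": b64(pem.encode())}}}}
    return {"messageSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest": b64(digest)},
                                 "signature": b64(sig)},
            "verificationMaterial": {"certificate": {"rawBytes": b64(cert_der)},
                                     "tlogEntries": [{"logIndex": "0",
                                         "canonicalizedBody": b64(json.dumps(body).encode())}]}}

# Constructed placeholder bytes: the check compares identity, not cryptographic validity.
SIG, CERT, DIGEST = b"sig-A", b"der-cert-A", bytes(range(32))
GOOD = build_bundle(SIG, CERT, DIGEST, SIG, CERT, DIGEST)
FORGED = build_bundle(SIG, CERT, DIGEST, b"sig-B", b"der-cert-B", DIGEST)  # entry from another signing
```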

References:

Reported By: Github.com