sigstore Gitsign Vulnerabilities

Sigstore Gitsign vulnerabilities.

JSON RSS CSV 🔔 Create Alert Trigger

5 November 2024

Gitsign Sigstore Vulnerability Could Lead to Signature Verification Bypass
CVE-2024-51746
SigstoreGitsign

10 November 2023

Gitsign's Rekor public keys fetched from upstream API instead of local TUF client.
CVE-2023-47122
SigstoreGitsign4.2MEDIUM