Back to bug 2128820
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Sage McTaggart | 2022-09-21 15:31:34 UTC | CC | jwon, krathod, lball, matzew, rhuss, rrajasek | |
| RaTasha Tillery-Smith | 2022-09-21 18:39:43 UTC | Doc Text | A vulnerability was found in cosign prior to 1.12.0, where cosign incorrectly verified an artifact when the embedded rekorBundle does not reference the given signature. This could allow an attacker to exploit integrity and confidentiality. | A vulnerability was found in cosign, where it incorrectly verified an artifact when the embedded rekorBundle does not reference the given signature. This flaw allows an attacker to exploit integrity and confidentiality. |
| Red Hat Bugzilla | 2022-10-28 13:12:42 UTC | CC | krathod | |
| errata-xmlrpc | 2022-12-06 14:02:18 UTC | Link ID | Red Hat Product Errata RHSA-2022:8827 | |
| Product Security DevOps Team | 2022-12-09 17:32:51 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2022-12-09 17:32:51 UTC |
Back to bug 2128820