You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
Cosign bundle can be crafted to successfully verify a blob even if the embedded rekorBundle does not reference the given signature
Moderate severity
GitHub Reviewed
Published
Sep 14, 2022
in
sigstore/cosign
•
Updated May 20, 2024