Common Weakness Enumeration

CWE-347

Allowed

Improper Verification of Cryptographic Signature

Abstraction: Base · Status: Draft

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

1121 vulnerabilities reference this CWE, most recent first.

GHSA-QG36-9JXH-FJ25

Vulnerability from github – Published: 2023-05-22 19:41 – Updated: 2024-11-18 16:26
VLAI
Summary
Incorrect signature verification in django-ses
Details

The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the SESEventWebhookView class intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests are signed by AWS and are verified by django_ses, however the verification of this signature was found to be flawed as it allowed users to specify arbitrary public certificates.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "django-ses"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.5.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-33185"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-05-22T19:41:56Z",
    "nvd_published_at": "2023-05-26T21:15:20Z",
    "severity": "LOW"
  },
  "details": "The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView class` intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests are signed by AWS and are verified by django_ses, however the verification of this signature was found to be flawed as it allowed users to specify arbitrary public certificates.",
  "id": "GHSA-qg36-9jxh-fj25",
  "modified": "2024-11-18T16:26:29Z",
  "published": "2023-05-22T19:41:56Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/django-ses/django-ses/security/advisories/GHSA-qg36-9jxh-fj25"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33185"
    },
    {
      "type": "WEB",
      "url": "https://github.com/django-ses/django-ses/commit/b71b5f413293a13997b6e6314086cb9c22629795"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/django-ses/django-ses"
    },
    {
      "type": "WEB",
      "url": "https://github.com/django-ses/django-ses/blob/3d627067935876487f9938310d5e1fbb249a7778/CVE/001-cert-url-signature-verification.md"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django-ses/PYSEC-2023-82.yaml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Incorrect signature verification in django-ses"
}

GHSA-QH45-328H-49G4

Vulnerability from github – Published: 2022-05-24 17:29 – Updated: 2022-05-24 17:29
VLAI
Details

FusionAuth fusionauth-samlv2 0.2.3 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack".

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-12676"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-10-02T20:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "FusionAuth fusionauth-samlv2 0.2.3 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a \"Signature exclusion attack\".",
  "id": "GHSA-qh45-328h-49g4",
  "modified": "2022-05-24T17:29:58Z",
  "published": "2022-05-24T17:29:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12676"
    },
    {
      "type": "WEB",
      "url": "https://compass-security.com/fileadmin/Research/Advisories/2020-06_CSNC-2020-002_FusionAuth_Signature_Exclusion_Attack.txt"
    },
    {
      "type": "WEB",
      "url": "https://github.com/SAMLRaider/SAMLRaider"
    },
    {
      "type": "WEB",
      "url": "https://www.nds.ruhr-uni-bochum.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/159454/FusionAuth-SAMLv2-0.2.3-Message-Forging.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2020/Oct/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-QH83-9FPX-6F4R

Vulnerability from github – Published: 2025-12-19 21:30 – Updated: 2025-12-19 21:30
VLAI
Details

Ever Gauzy v0.281.9 contains a JWT authentication vulnerability that allows attackers to exploit weak HMAC secret key implementation. Attackers can leverage the exposed JWT token to authenticate and gain unauthorized access with administrative permissions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53951"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-19T21:15:51Z",
    "severity": "CRITICAL"
  },
  "details": "Ever Gauzy v0.281.9 contains a JWT authentication vulnerability that allows attackers to exploit weak HMAC secret key implementation. Attackers can leverage the exposed JWT token to authenticate and gain unauthorized access with administrative permissions.",
  "id": "GHSA-qh83-9fpx-6f4r",
  "modified": "2025-12-19T21:30:20Z",
  "published": "2025-12-19T21:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53951"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ever-co/ever-gauzy"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/51354"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/ever-gauzy-jwt-authentication-weakness-via-hmac-secret"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-QHGJ-GG86-H6Q2

Vulnerability from github – Published: 2025-08-27 12:30 – Updated: 2025-08-27 12:30
VLAI
Details

An insufficiently secured internal function allows session generation for arbitrary users. The decodeParam function checks the JWT but does not verify which signing algorithm was used. As a result, an attacker can use the "ex:action" parameter in the VerifyUserByThrustedService function to generate a session for any user.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-30064"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-27T11:15:41Z",
    "severity": "HIGH"
  },
  "details": "An insufficiently secured internal function allows session generation for arbitrary users. The decodeParam function checks the JWT but does not verify which signing algorithm was used. As a result, an attacker can use the \"ex:action\" parameter in the VerifyUserByThrustedService function to generate a session for any user.",
  "id": "GHSA-qhgj-gg86-h6q2",
  "modified": "2025-08-27T12:30:27Z",
  "published": "2025-08-27T12:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30064"
    },
    {
      "type": "WEB",
      "url": "https://cert.pl/en/posts/2025/08/CVE-2025-2313"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-QJ6M-MJM6-Q6QR

Vulnerability from github – Published: 2024-04-04 00:33 – Updated: 2024-09-06 18:31
VLAI
Details

An issue in D-Link COVR 1100, 1102, 1103 AC1200 Dual-Band Whole-Home Mesh Wi-Fi System (Hardware Rev B1) truncates Wireless Access Point Passwords (WPA-PSK) allowing an attacker to gain unauthorized network access via weak authentication controls.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-52043"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-03T22:15:06Z",
    "severity": "HIGH"
  },
  "details": "An issue in D-Link COVR 1100, 1102, 1103 AC1200 Dual-Band Whole-Home Mesh Wi-Fi System (Hardware Rev B1) truncates Wireless Access Point Passwords (WPA-PSK) allowing an attacker to gain unauthorized network access via weak authentication controls.",
  "id": "GHSA-qj6m-mjm6-q6qr",
  "modified": "2024-09-06T18:31:26Z",
  "published": "2024-04-04T00:33:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52043"
    },
    {
      "type": "WEB",
      "url": "https://exploots.github.io/posts/2024/01/18/d-link-covr-1102-vulnerability.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QJWP-HRQ6-R26R

Vulnerability from github – Published: 2026-06-01 14:26 – Updated: 2026-06-01 14:26
VLAI
Summary
kas checks out SHA-like git branches as valid commits
Details

Impact

When relying solely on a git commit ID (SHA-1 or SHA-256) to qualify if a checkout of a repository is equivalent to the state validated while adding its commit ID to a kas configuration, users may be tricked to check out a branch of the same name from this repository. This implies that the referenced repository has been taken over by an attacker and modified to carry such a branch. SHA-1 commits may also be replaced by creating hash collisions, so the primary impact of this issue is on SHA-256 commit IDs.

Patches

Commit https://github.com/siemens/kas/commit/4cb4a3d01122ffaec9feaae768a5814092f6f9b5 is resolving this issue. It has been released along with kas version 5.3.

Workarounds

Avoid relying solely on the commit ID for integrity validation of a repository that might become under control of a malicious 3rd party. If available, additional validate cryptographically signed commits or tags. Alternatively, mirror the repository to a save place, validate its integrity, and use this instead of the original one.

Credits

That such issues exist was already reported 3 years ago by Aditya Sirish A Yelgundhalli. At this point, no strong integrity checks for external repositories were in place in kas, and Siemens stated in the kas documentation that such attacks are considered out of scope. This hasn't changed for SHA-1 commits as explained above. If a repo provides SHA-256 commits, though, those may be considered strong enough (even if not providing authenticity proof) and can be affected by this issue.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "kas"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-47191"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-01T14:26:36Z",
    "nvd_published_at": null,
    "severity": "LOW"
  },
  "details": "### Impact\nWhen relying solely on a git commit ID (SHA-1 or SHA-256) to qualify if a checkout of a repository is equivalent to the state validated while adding its commit ID to a kas configuration, users may be tricked to check out a branch of the same name from this repository. This implies that the referenced repository has been taken over by an attacker and modified to carry such a branch. SHA-1 commits may also be replaced by creating hash collisions, so the primary impact of this issue is on SHA-256 commit IDs.\n\n### Patches\nCommit https://github.com/siemens/kas/commit/4cb4a3d01122ffaec9feaae768a5814092f6f9b5 is resolving this issue. It has been released along with kas version 5.3.\n\n### Workarounds\nAvoid relying solely on the commit ID for integrity validation of a repository that might become under control of a malicious 3rd party. If available, additional validate cryptographically signed commits or tags. Alternatively, mirror the repository to a save place, validate its integrity, and use this instead of the original one.\n\n### Credits\nThat such issues exist was already reported 3 years ago by Aditya Sirish A Yelgundhalli. At this point, no strong integrity checks for external repositories were in place in kas, and Siemens stated in the kas documentation that such attacks are considered out of scope. This hasn\u0027t changed for SHA-1 commits as explained above. If a repo provides SHA-256 commits, though, those may be considered strong enough (even if not providing authenticity proof) and can be affected by this issue.",
  "id": "GHSA-qjwp-hrq6-r26r",
  "modified": "2026-06-01T14:26:36Z",
  "published": "2026-06-01T14:26:36Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/siemens/kas/security/advisories/GHSA-qjwp-hrq6-r26r"
    },
    {
      "type": "WEB",
      "url": "https://github.com/siemens/kas/commit/4cb4a3d01122ffaec9feaae768a5814092f6f9b5"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/siemens/kas"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "kas checks out SHA-like git branches as valid commits"
}

GHSA-QMF6-MW8H-6M87

Vulnerability from github – Published: 2022-05-24 17:40 – Updated: 2022-05-24 17:40
VLAI
Details

Bash injection vulnerability and bypass of signature verification in Rostelecom CS-C2SHW 5.0.082.1. The camera reads firmware update configuration from SD card file vc\version.json. fw-sign parameter and from this configuration is directly inserted into a bash command. Firmware update is run automatically if there is special file on the inserted SD card.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-27540"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-01-26T18:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Bash injection vulnerability and bypass of signature verification in Rostelecom CS-C2SHW 5.0.082.1. The camera reads firmware update configuration from SD card file vc\\version.json. fw-sign parameter and from this configuration is directly inserted into a bash command. Firmware update is run automatically if there is special file on the inserted SD card.",
  "id": "GHSA-qmf6-mw8h-6m87",
  "modified": "2022-05-24T17:40:12Z",
  "published": "2022-05-24T17:40:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27540"
    },
    {
      "type": "WEB",
      "url": "https://dil4rd.medium.com/groundhog-day-in-iot-valley-or-5-cves-in-1-camera-7dc1d2864707"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-QPGW-J75C-J585

Vulnerability from github – Published: 2024-07-31 21:32 – Updated: 2024-08-15 15:30
VLAI
Details

An issue was discovered in litestream v0.3.13. The usage of the ssh.InsecureIgnoreHostKey() disables host key verification, possibly allowing attackers to obtain sensitive information via a man-in-the-middle attack.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-41254"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347",
      "CWE-639"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-31T21:15:17Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in litestream v0.3.13. The usage of the ssh.InsecureIgnoreHostKey() disables host key verification, possibly allowing attackers to obtain sensitive information via a man-in-the-middle attack.",
  "id": "GHSA-qpgw-j75c-j585",
  "modified": "2024-08-15T15:30:52Z",
  "published": "2024-07-31T21:32:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41254"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/nyxfqq/d857f268a53aa62402655c8dcd95c68f"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QPV2-RWC8-C993

Vulnerability from github – Published: 2026-04-28 18:30 – Updated: 2026-05-05 14:45
VLAI
Summary
Netmaker does not verify JWT signatures for host tokens
Details

Netmaker by Gravitl is an open-source WireGuard-based networking platform for creating and managing virtual overlay networks. The VerifyHostToken function in logic/jwts.go does not validate the JWT signature when verifying host tokens. After calling jwt.ParseWithClaims, the function only checks whether the returned token object is non-nil. It does not check token.Valid or the returned error. An attacker can forge a JWT signed with any key, set the claims to any host ID, and pull that host's full configuration including bcrypt-hashed passwords, MQTT credentials, and WireGuard peer data. The issue was patched in v1.5.0.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/gravitl/netmaker"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.5.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-38651"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-05T14:45:55Z",
    "nvd_published_at": "2026-04-28T16:16:13Z",
    "severity": "CRITICAL"
  },
  "details": "Netmaker by Gravitl is an open-source WireGuard-based networking platform for creating and managing virtual overlay networks. The `VerifyHostToken` function in `logic/jwts.go` does not validate the JWT signature when verifying host tokens. After calling `jwt.ParseWithClaims`, the function only checks whether the returned token object is non-nil. It does not check `token.Valid` or the returned error. An attacker can forge a JWT signed with any key, set the claims to any host ID, and pull that host\u0027s full configuration including bcrypt-hashed passwords, MQTT credentials, and WireGuard peer data. The issue was patched in v1.5.0.",
  "id": "GHSA-qpv2-rwc8-c993",
  "modified": "2026-05-05T14:45:55Z",
  "published": "2026-04-28T18:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-38651"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gravitl/netmaker/commit/5309aa70d464ef565911369714d661a61481a79b"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/gravitl/netmaker"
    },
    {
      "type": "WEB",
      "url": "https://www.zyenra.com/advisories/netmaker-jwt-verification-bypass"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Netmaker does not verify JWT signatures for host tokens"
}

GHSA-QQW8-7C2R-JXCH

Vulnerability from github – Published: 2026-06-30 18:10 – Updated: 2026-06-30 18:10
VLAI
Summary
Sigstore Java has a vulnerability with bundle verification of integratedTime
Details

Summary

Regression: Verification of integratedTime from Rekor V1 Log Entry against Fuclio Certificate validity was missing

Details

  • PR #1008 erroneously removed verification of the integrated (Rekor entry) time) against the Fulcio certificate.
  • PR #1185 re-added this verification with enhancements that adhere to the Sigstore verification spec.
  • old sigstore-conformance test for this check was built incorrectly

PoC

A new bundle was added to sigstore-conformance to test this: sigstore-java:2.0.0 can be tested against it and shown to be unexpectedly passing Verify this bundle against a.txt

$ git clone git@github.com:sigstore/sigstore-java
$ git checkout v2.0.0
$ ./gradlew :sigstore-cli:build
$ tar -xf sigstore-cli/build/distributions/sigstore-cli-*-SNAPSHOT.tar --strip-components 1
$ ./bin/sigstore-cli verify --bundle=bundle.sigstore.json a.txt
# expect error but none

Impact

This vulnerability impacts only users verifying bundles with dev.sigstore:sigstore-java:2.0.0. Older versions are not affected, it is fixed in dev.sigstore:sigstore-java:2.1.0

A malicious actor may exploit this if they were able to access a users system and exfiltrate the temporary private key used during signing and then reuse an old fulcio certificate later without requiring direct access to the user's credentials.

Users may protect themselves by re-verifying their artifacts using the newest sigstore-java or another current sigstore client. Transparency logs may also be audited for unauthorized signatures for a suspected reused identity.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "dev.sigstore:sigstore-java"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.1.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.0.0"
      ]
    }
  ],
  "aliases": [
    "CVE-2026-48791"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-30T18:10:28Z",
    "nvd_published_at": null,
    "severity": "LOW"
  },
  "details": "### Summary\nRegression: Verification of `integratedTime` from Rekor V1 Log Entry against Fuclio Certificate validity was missing\n\n### Details\n- PR [#1008](https://github.com/sigstore/sigstore-java/pull/1008) erroneously removed verification of the integrated (Rekor entry) time) against the Fulcio certificate. \n- PR [#1185](https://github.com/sigstore/sigstore-java/pull/1185) re-added this verification with enhancements that adhere to the Sigstore verification spec.\n- old sigstore-conformance test for this check was built incorrectly\n\n### PoC\nA new bundle was added to sigstore-conformance to test this: sigstore-java:2.0.0 can be tested against it and shown to be unexpectedly passing\nVerify this [bundle](https://github.com/aaronlew02/sigstore-conformance/blob/8b45823fd0d82236ff42aea5b06c98d5109a0e6d/test/assets/bundle-verify/integrated-time-in-future_fail/bundle.sigstore.json) against [`a.txt`](https://github.com/aaronlew02/sigstore-conformance/blob/8b45823fd0d82236ff42aea5b06c98d5109a0e6d/test/assets/a.txt)\n\n```\n$ git clone git@github.com:sigstore/sigstore-java\n$ git checkout v2.0.0\n$ ./gradlew :sigstore-cli:build\n$ tar -xf sigstore-cli/build/distributions/sigstore-cli-*-SNAPSHOT.tar --strip-components 1\n$ ./bin/sigstore-cli verify --bundle=bundle.sigstore.json a.txt\n# expect error but none\n```\n\n### Impact\nThis vulnerability impacts only users verifying bundles with `dev.sigstore:sigstore-java:2.0.0`. Older versions are not affected, it is fixed in `dev.sigstore:sigstore-java:2.1.0`\n\nA malicious actor may exploit this if they were able to access a users system and exfiltrate the temporary private key used during signing and then reuse an old fulcio certificate later without requiring direct access to the user\u0027s credentials.\n\nUsers may protect themselves by re-verifying their artifacts using the newest sigstore-java or another current sigstore client. Transparency logs may also be audited for unauthorized signatures for a suspected reused identity.",
  "id": "GHSA-qqw8-7c2r-jxch",
  "modified": "2026-06-30T18:10:28Z",
  "published": "2026-06-30T18:10:28Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/sigstore/sigstore-java/security/advisories/GHSA-qqw8-7c2r-jxch"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sigstore/sigstore-java/pull/1008"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sigstore/sigstore-java/pull/1185"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sigstore/sigstore-java/commit/4b7a49ebb1813f5b1ff113bcad63246358222d61"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sigstore/sigstore-java/commit/b529335728fc5cfb574161b4b3c06859a8a2aa88"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/sigstore/sigstore-java"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Sigstore Java has a vulnerability with bundle verification of integratedTime"
}

No mitigation information available for this CWE.

CAPEC-463: Padding Oracle Crypto Attack

An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key.

CAPEC-475: Signature Spoofing by Improper Validation

An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.