Количество 3
Количество 3
CVE-2026-24408
sigstore-python is a Python tool for generating and verifying Sigstore signatures. Prior to version 4.2.0, the sigstore-python OAuth authentication flow is susceptible to Cross-Site Request Forgery. `_OAuthSession` creates a unique "state" and sends it as a parameter in the authentication request but the "state" in the server response seems not not be cross-checked with this value. Version 4.2.0 contains a patch for the issue.
CVE-2026-24408
sigstore-python is a Python tool for generating and verifying Sigstore ...
GHSA-hm8f-75xx-w2vr
sigstore CSRF possibility in OIDC authentication during signing
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2026-24408 sigstore-python is a Python tool for generating and verifying Sigstore signatures. Prior to version 4.2.0, the sigstore-python OAuth authentication flow is susceptible to Cross-Site Request Forgery. `_OAuthSession` creates a unique "state" and sends it as a parameter in the authentication request but the "state" in the server response seems not not be cross-checked with this value. Version 4.2.0 contains a patch for the issue. | 0% Низкий | 14 дней назад | |
| CVE-2026-24408 sigstore-python is a Python tool for generating and verifying Sigstore ... | 0% Низкий | 14 дней назад | |
| GHSA-hm8f-75xx-w2vr sigstore CSRF possibility in OIDC authentication during signing | 0% Низкий | 14 дней назад |
Уязвимостей на страницу