
GHSA-739f-hw6h-7wq8

GitHub Security Advisory

PolicyController before 0.2.1 may bypass attestation verification

✓ GitHub Reviewed HIGH Has CVE

Advisory Details

PolicyController reports a false positive, admitting a workload that should have been rejected, when both of the following hold:
* At least one attestation on the image carries a valid signature
* There are NO attestations of the type being verified (--type defaults to "custom")

In other words, a valid signature on an attestation of some other type is enough to satisfy a policy that asks for a type no attestation actually has.

Users should upgrade to PolicyController (github.com/sigstore/policy-controller) version 0.2.1 or later for a patch. There are no known workarounds at this time.
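The following Go program is an added illustration of the logic error the advisory describes; it is not code from the policy-controller project. It models the two checks side by side: a version that treats any validly signed attestation as sufficient and only afterwards filters by type without testing for an empty result, and a fixed version that requires at least one validly signed attestation of the requested type. Assumptions: the real controller verifies cosign/sigstore signatures, whereas this example uses plain ed25519 over an in-toto-shaped statement; the short type names "custom" and "slsaprovenance" are used directly as the predicateType; all scenario data is constructed inline.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// Statement holds the part of an in-toto Statement this example needs.
// Assumption: the attestation "type" is carried in predicateType.
type Statement struct {
	PredicateType string          `json:"predicateType"`
	Predicate     json.RawMessage `json:"predicate"`
}

// Attestation is a signed Statement; the signature covers the raw payload.
type Attestation struct {
	Payload   []byte
	Signature []byte
}

// sign marshals the statement and signs it with ed25519 (stand-in for cosign).
func sign(priv ed25519.PrivateKey, st Statement) Attestation {
	payload, _ := json.Marshal(st)
	return Attestation{Payload: payload, Signature: ed25519.Sign(priv, payload)}
}

// verifiedStatements returns only the statements whose signature checks out.
func verifiedStatements(pub ed25519.PublicKey, atts []Attestation) []Statement {
	var out []Statement
	for _, a := range atts {
		if !ed25519.Verify(pub, a.Payload, a.Signature) {
			continue
		}
		var st Statement
		if err := json.Unmarshal(a.Payload, &st); err != nil {
			continue
		}
		out = append(out, st)
	}
	return out
}

// admitVulnerable models the pre-0.2.1 behaviour described in the advisory:
// one valid signature anywhere is accepted, and although the result is
// filtered by type, an empty filter result is never treated as failure.
func admitVulnerable(pub ed25519.PublicKey, atts []Attestation, wantType string) error {
	verified := verifiedStatements(pub, atts)
	if len(verified) == 0 {
		return errors.New("no attestation with a valid signature")
	}
	var matching []Statement
	for _, st := range verified {
		if st.PredicateType == wantType {
			matching = append(matching, st)
		}
	}
	_ = matching // bug: len(matching) == 0 still falls through to admission
	return nil
}

// admitFixed requires at least one validly signed attestation of wantType;
// a valid signature on an attestation of another type does not count.
func admitFixed(pub ed25519.PublicKey, atts []Attestation, wantType string) error {
	n := 0
	for _, st := range verifiedStatements(pub, atts) {
		if st.PredicateType == wantType {
			n++
		}
	}
	if n == 0 {
		return fmt.Errorf("no validly signed attestation of type %q", wantType)
	}
	return nil
}

// mismatchedTypeScenario builds the advisory's case (constructed data):
// a validly signed "slsaprovenance" attestation and no "custom" one.
func mismatchedTypeScenario() (ed25519.PublicKey, []Attestation) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	prov := Statement{PredicateType: "slsaprovenance", Predicate: json.RawMessage(`{"builder":{"id":"example"}}`)}
	return pub, []Attestation{sign(priv, prov)}
}

// matchingTypeScenario builds the healthy case: a validly signed "custom" attestation.
func matchingTypeScenario() (ed25519.PublicKey, []Attestation) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	custom := Statement{PredicateType: "custom", Predicate: json.RawMessage(`{"scanned":true}`)}
	return pub, []Attestation{sign(priv, custom)}
}

func main() {
	pub, atts := mismatchedTypeScenario()
	fmt.Println("vulnerable check, policy type custom:", admitVulnerable(pub, atts, "custom"))
	fmt.Println("fixed check, policy type custom:     ", admitFixed(pub, atts, "custom"))
}
```

Running main prints a nil error for the vulnerable check (the image is admitted although it carries no "custom" attestation) and a non-nil error for the fixed check. The practical lesson for anyone writing a verifier is that "at least one signature verified" and "at least one attestation of the required type verified" are different predicates; the check must be applied to the filtered set, and an empty filtered set must fail closed.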

Affected Packages

Go github.com/sigstore/policy-controller
Affected versions: all versions before 0.2.1 (fixed in 0.2.1)

Related CVEs

Key Information

GHSA ID
GHSA-739f-hw6h-7wq8
Published
August 10, 2022 6:38 PM
Last Modified
August 10, 2022 6:38 PM
CVSS Score
7.5 / 10 (HIGH)
Primary Ecosystem
Go
Primary Package
github.com/sigstore/policy-controller
GitHub Reviewed
✓ Yes

Dataset

Last updated: July 13, 2025 6:28 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.