CVE-2023-47122

MEDIUM4.2EPSS 0.10%

Gitsign's Rekor public keys fetched from upstream API instead of local TUF client. in github.com/sigstore/gitsign

Published: 11/14/2023Modified: 3/3/2026

Description

Gitsign's Rekor public keys fetched from upstream API instead of local TUF client. in github.com/sigstore/gitsign

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM4.2	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N